CVE-2005-2473 - OpenCVE

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Churchinfo	Churchinfo

Configuration 1 [-]

OR	cpe:2.3:a:churchinfo:churchinfo:1.1.1:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.1.2:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.1.3:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.1.4:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.1.5:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.1.6:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.2.0:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.2.1:::::::*
	cpe:2.3:a:churchinfo:churchinfo:1.2.2:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112291550713546&w=2
http://secunia.com/advisories/16292
http://securitytracker.com/id?1014617
http://www.osvdb.org/18408
http://www.osvdb.org/18409
http://www.osvdb.org/18410
http://www.osvdb.org/18411
http://www.osvdb.org/18412
http://www.osvdb.org/18413
http://www.osvdb.org/18414
http://www.osvdb.org/18415
http://www.osvdb.org/18416
http://www.osvdb.org/18417
http://www.osvdb.org/18418
http://www.osvdb.org/18419
http://www.osvdb.org/18420
http://www.osvdb.org/18421
http://www.osvdb.org/18422
http://www.osvdb.org/18423
http://www.osvdb.org/18424
http://www.osvdb.org/18427
http://www.osvdb.org/18428
http://www.securityfocus.com/bid/14438
https://exchange.xforce.ibmcloud.com/vulnerabilities/21647

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-05T04:00:00

Updated: 2024-08-07T22:29:59.742Z

Reserved: 2005-08-05T00:00:00

Link: CVE-2005-2473

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-08-05T04:00:00.000

Modified: 2017-07-11T01:32:52.063

Link: CVE-2005-2473

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object