ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Churchinfo
  • Churchinfo

Configuration 1 [-]

OR cpe:2.3:a:churchinfo:churchinfo:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:churchinfo:churchinfo:1.2.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://marc.info/?l=bugtraq&m=112291550713546&w=2 cve-icon cve-icon
http://secunia.com/advisories/16292 cve-icon cve-icon
http://securitytracker.com/id?1014617 cve-icon cve-icon
http://www.osvdb.org/18425 cve-icon cve-icon
http://www.osvdb.org/18426 cve-icon cve-icon
http://www.osvdb.org/18429 cve-icon cve-icon
http://www.osvdb.org/18430 cve-icon cve-icon
http://www.osvdb.org/18431 cve-icon cve-icon
http://www.osvdb.org/18432 cve-icon cve-icon
http://www.osvdb.org/18433 cve-icon cve-icon
http://www.osvdb.org/18434 cve-icon cve-icon
http://www.osvdb.org/18435 cve-icon cve-icon
http://www.osvdb.org/18436 cve-icon cve-icon
http://www.osvdb.org/18437 cve-icon cve-icon
http://www.osvdb.org/18438 cve-icon cve-icon
http://www.osvdb.org/18439 cve-icon cve-icon
http://www.osvdb.org/18450 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/21648 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-05T04:00:00

Updated: 2024-08-07T22:30:00.728Z

Reserved: 2005-08-05T00:00:00

Link: CVE-2005-2474

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-08-05T04:00:00.000

Modified: 2017-07-11T01:32:52.127

Link: CVE-2005-2474

cve-icon Redhat

No data.