CVE-2005-2473

Properties

Published: 04.08.2005
Updated: 20.10.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product: ChurchInfo: ChurchInfo

Vulnerability description

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112291550713546&w=2
BID: http://www.securityfocus.com/bid/14438
OSVDB: http://www.osvdb.org/18408
OSVDB: http://www.osvdb.org/18409
OSVDB: http://www.osvdb.org/18410
OSVDB: http://www.osvdb.org/18411
OSVDB: http://www.osvdb.org/18412
OSVDB: http://www.osvdb.org/18413
OSVDB: http://www.osvdb.org/18414
OSVDB: http://www.osvdb.org/18415
OSVDB: http://www.osvdb.org/18416
OSVDB: http://www.osvdb.org/18417
OSVDB: http://www.osvdb.org/18418
OSVDB: http://www.osvdb.org/18419
OSVDB: http://www.osvdb.org/18420
OSVDB: http://www.osvdb.org/18421
OSVDB: http://www.osvdb.org/18422
OSVDB: http://www.osvdb.org/18423
OSVDB: http://www.osvdb.org/18424
OSVDB: http://www.osvdb.org/18427
OSVDB: http://www.osvdb.org/18428
SECTRACK: http://securitytracker.com/id?1014617
SECUNIA: http://secunia.com/advisories/16292
XF: http://xforce.iss.net/xforce/xfdb/21647