CVE-2023-24685 Information

Description

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.

Reference

https://github.com/ChurchCRM/CRM/ http://churchcrm.io/ https://github.com/blakduk/Advisories/blob/main/ChurchCRM/README.md