Vulnerability-Lookup

CVE-2024-39304 (GCVE-0-2024-39304)

Vulnerability from cvelistv5 – Published: 2024-07-26 17:31 – Updated: 2024-08-02 04:19

Title

ChurchCRM SQL Injection Vulnerability

Summary

ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/ChurchCRM/CRM/security/advisor…	x_refsource_CONFIRM
	https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ChurchCRM	CRM	Affected: < 5.9.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "churchcrm",
            "vendor": "churchcrm",
            "versions": [
              {
                "lessThan": "5.9.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39304",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T19:41:27.305850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T19:42:41.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9"
          },
          {
            "name": "https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CRM",
          "vendor": "ChurchCRM",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-26T17:31:38.338Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9"
        },
        {
          "name": "https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08"
        }
      ],
      "source": {
        "advisory": "GHSA-2rh6-gr3h-83j9",
        "discovery": "UNKNOWN"
      },
      "title": "ChurchCRM SQL Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-39304",
    "datePublished": "2024-07-26T17:31:38.338Z",
    "dateReserved": "2024-06-21T18:15:22.258Z",
    "dateUpdated": "2024-08-02T04:19:20.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39304\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-26T19:41:27.305850Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*\"], \"vendor\": \"churchcrm\", \"product\": \"churchcrm\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.9.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-26T19:42:37.215Z\"}}], \"cna\": {\"title\": \"ChurchCRM SQL Injection Vulnerability\", \"source\": {\"advisory\": \"GHSA-2rh6-gr3h-83j9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"ChurchCRM\", \"product\": \"CRM\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.9.2\"}]}], \"references\": [{\"url\": \"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9\", \"name\": \"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08\", \"name\": \"https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-26T17:31:38.338Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-39304\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-26T19:42:41.258Z\", \"dateReserved\": \"2024-06-21T18:15:22.258Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-26T17:31:38.338Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2024-35168

Vulnerability from cnvd - Published: 2024-08-06

Title

ChurchCRM SQL注入漏洞（CNVD-2024-35168）

Description

ChurchCRM是一个为教会打造的开源CRM系统。 ChurchCRM 5.8.0及之前版本存在SQL注入漏洞，该漏洞源于应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令窃取数据库敏感数据。

Severity

高

Patch Name

ChurchCRM SQL注入漏洞（CNVD-2024-35168）的补丁

Patch Description

ChurchCRM是一个为教会打造的开源CRM系统。 ChurchCRM 5.8.0及之前版本存在SQL注入漏洞，该漏洞源于应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令窃取数据库敏感数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-39304

Impacted products

Name
ChurchCRM ChurchCRM <=5.8.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-39304",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-39304"
    }
  },
  "description": "ChurchCRM\u662f\u4e00\u4e2a\u4e3a\u6559\u4f1a\u6253\u9020\u7684\u5f00\u6e90CRM\u7cfb\u7edf\u3002\n\nChurchCRM 5.8.0\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u7a83\u53d6\u6570\u636e\u5e93\u654f\u611f\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-35168",
  "openTime": "2024-08-06",
  "patchDescription": "ChurchCRM\u662f\u4e00\u4e2a\u4e3a\u6559\u4f1a\u6253\u9020\u7684\u5f00\u6e90CRM\u7cfb\u7edf\u3002\r\n\r\nChurchCRM 5.8.0\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u7a83\u53d6\u6570\u636e\u5e93\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ChurchCRM SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2024-35168\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "ChurchCRM ChurchCRM \u003c=5.8.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-39304",
  "serverity": "\u9ad8",
  "submitTime": "2024-07-31",
  "title": "ChurchCRM SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2024-35168\uff09"
}

FKIE_CVE-2024-39304

Vulnerability from fkie_nvd - Published: 2024-07-26 18:15 - Updated: 2024-11-21 09:27

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08	Patch
security-advisories@github.com	https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	churchcrm	churchcrm	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF260165-FC6C-43A6-A034-EBAF26131A40",
              "versionEndExcluding": "5.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue."
    },
    {
      "lang": "es",
      "value": "ChurchCRM es un sistema de gesti\u00f3n de iglesias de c\u00f3digo abierto. Las versiones de la aplicaci\u00f3n anteriores a la 5.9.2 son vulnerables a una inyecci\u00f3n SQL autenticada debido a una sanitizaci\u00f3n inadecuada de la entrada del usuario. Se requiere autenticaci\u00f3n, pero no se necesitan privilegios elevados. Esto permite a los atacantes inyectar declaraciones SQL directamente en la consulta de la base de datos debido a una sanitizaci\u00f3n inadecuada del par\u00e1metro EID en una solicitud GET a `/GetText.php`. La versi\u00f3n 5.9.2 soluciona el problema."
    }
  ],
  "id": "CVE-2024-39304",
  "lastModified": "2024-11-21T09:27:25.420",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-26T18:15:03.557",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/ChurchCRM/CRM/commit/e3bd7bfbf33f01148df0ef1acdb0cf2c2b878b08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-39304 (GCVE-0-2024-39304)

CNVD-2024-35168

FKIE_CVE-2024-39304

Tags

Sightings

Nomenclature