CVE-2005-2473

critical

Description

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/21647

http://www.securityfocus.com/bid/14438

http://www.osvdb.org/18428

http://www.osvdb.org/18427

http://www.osvdb.org/18424

http://www.osvdb.org/18423

http://www.osvdb.org/18422

http://www.osvdb.org/18421

http://www.osvdb.org/18420

http://www.osvdb.org/18419

http://www.osvdb.org/18418

http://www.osvdb.org/18417

http://www.osvdb.org/18416

http://www.osvdb.org/18415

http://www.osvdb.org/18414

http://www.osvdb.org/18413

http://www.osvdb.org/18412

http://www.osvdb.org/18411

http://www.osvdb.org/18410

http://www.osvdb.org/18409

http://www.osvdb.org/18408

http://securitytracker.com/id?1014617

http://secunia.com/advisories/16292

http://marc.info/?l=bugtraq&m=112291550713546&w=2

Details

Source: Mitre, NVD

Published: 2005-08-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02117