CVE-2024-35637

Published Jun 3, 2024

Last updated 2 months ago

CVSS medium 4.4

Overview

Description
Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.
Source
audit@patchstack.com
NVD status
Analyzed
Products
church_admin

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.4
Impact score
2.7
Exploitability score
1.3
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

audit@patchstack.com
CWE-918

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.CVE-2024-37440
  2. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS.This issue affects Church Admin: from n/a before 5.0.0.CVE-2024-50438
  3. Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.CVE-2024-37418
  4. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.4.4.CVE-2024-35764
  5. Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6.CVE-2024-31281

References

Sources include official advisories and independent security research.