There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the ‘PersonID’ field in /churchcrm/WhyCameEditor.php.

By admin