{"id":"CVE-2023-38773","details":"SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.","modified":"2026-05-15T04:06:58.899915451Z","published":"2023-08-08T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38773.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://churchcrm.io/"},{"type":"WEB","url":"https://demo.churchcrm.io/master"},{"type":"WEB","url":"https://github.com/ChurchCRM/CRM/wiki"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38773.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38773"},{"type":"PACKAGE","url":"https://github.com/0x72303074/CVE-Disclosures"}],"schema_version":"1.7.5"}