This is a technical writeup detailing a SQL injection vulnerability in ChurchInfo <= 1.2.12. The vulnerability occurs in ListEvents.php due to improper sanitization of the 'WhichType' POST parameter, allowing an attacker to inject malicious SQL queries.
Classification
Writeup 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:ChurchInfo <= 1.2.12
Auth required
Prerequisites:Valid user session (authentication required)