We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
SQL Injection vulnerability in ChurchCRM 4.4.5 via /churchcrm/WhyCameEditor.php.
Step to exploit:
Login as admin.
Redirect to profile page and click on Edit "Why Came" Notes.
Edit "Why Came" Notes
Submit "Why Came" notes and capture request in Burp Suite.
Save request to churchcrm.txt file and run sqlmap for injecting the PersonID parameter: sqlmap -r churchcrm.txt -p PersonID
sqlmap -r churchcrm.txt -p PersonID