9 matches found
Exploit for SQL Injection in Churchcrm
CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL I...
CVE-2026-39341
ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...
CVE-2026-39341 SQL injection in ChurchCRM.0
ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...
PT-2026-30964
ChurchCRM is an open-source church management system. Prior to 7.1.0, The application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper input validation in the Reports/ConfirmReportEmail.php endpoint, which could lead to time-based SQL injections...
ChurchCRM legacy endpoint SQL injection vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that originates from the unvalidated familyId parameter in legacy endpoints/Reports/ConfirmReportEmail.php, and no details of the vulnerability are provided at this time...
CVE-2025-68400 ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...
EUVD-2025-204001
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...
ChurchCRM SQL注入漏洞
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that originates from the unvalidated familyId parameter in legacy endpoints/Reports/ConfirmReportEmail.php, and no details of the vulnerability are provided at this time...