2 matches found
CVE-2026-39329 ChurchCRM has a Blind SQL injection in EventNames.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...
ChurchCRM 安全漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the newEvtTypeCntLst parameter in the /EventNames.php endpoint, which could lead to SQL injection attacks...