6 matches found
CVE-2026-39323
...
CVE-2026-39323
...
CVE-2026-39323
CVE-2026-39323 affects ChurchCRM prior to 7.1.0, where a SQL injection in PropertyTypeEditor.php arises because the Name and Description POST parameters are sanitized only with strip_tags() before direct SQL string concatenation. Authenticated users with the Manage Properties permission can execu...
EUVD-2026-19809
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in ChurchCRM's PropertyTypeEditor.php where the Name and Description POST parameters are sanitized only with strip_tags before direct concatenation into SQL queries. This allows...
CVE-2026-39323
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a duplicate of CVE-2026-39326. Notes: All CVE users should reference CVE-2026-39326 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...
PT-2026-30945
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in ChurchCRM's PropertyTypeEditor.php where the Name and Description POST parameters are sanitized only with strip_tags before direct concatenation into SQL queries. This allows...