CVE-2026-39342

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...

CVE-2026-39342 ChurchCRM has a SQL injection searchwhat parameter via QueryView.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...

CVE-2023-38769

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php...

ChurchCRM SQL注入漏洞

ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the group parameter of QueryView.php. An attacker can exploit this vulnerability to execute illeg...

TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Typo3 association.TYPO3 suffers from a cross-site scripting vulnerability that stems from the fact that the QueryGenerator and QueryView components are vulnerable to reflected and persistent cross-sit...

TYPO3 code issue vulnerability (CNVD-2020-04075)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in the QueryGenerator and QueryView classes in TYPO3 versions prior to 8.7.30, 9.x versions prior to 9.5.12, and 10.x versions prior to 10.2.2. An attacker...