Lucene search

4 matches found

CVE
added 2026/04/07 5:29 p.m. | 2 views

CVE-2026-39325

ChurchCRM (open-source church management) has a Blind SQL injection in /SettingsUser.php affecting versions prior to 7.1.0 (notably 7.0.5). Authenticated administrative users can inject arbitrary SQL through the type array parameter (via the index) to read/modify database data. The vulnerability ...

CVSS 7.2 | AI score 6 | EPSS 0.0004
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/04/07 5:29 p.m. | 16 views

CVE-2026-39325 ChurchCRM has a Blind SQL injection in SettingsUser.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...

CVSS 7.2 | EPSS 0.0004
Exploits: 0 | References: 1
EUVD
added 2026/04/07 5:29 p.m. | 2 views

EUVD-2026-19810

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...

CVSS 7.2 | AI score 6 | EPSS 0.0004
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/07 12:0 a.m. | 1 views

PT-2026-30946

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...

CVSS 7.2 | AI score 6 | EPSS 0.0004
Exploits: 0 | References: 2