WordPress plugin User Registration & Membership SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

GHSA-4FP2-3XGG-JG4W PowerJob vulnerable to SQL injection

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

PowerJob vulnerable to SQL injection

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the customQuery argument in the detailPlus endpoint. An attacker can execute arbitrary SQL commands by supplying crafted input remotely. Remediation There is no fixed version for tech.powerjob:powerjob-server-starter...

CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

CVE-2026-39337

ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVE-2026-39325

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...

EUVD-2026-19835

ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVE-2026-39343

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The ENtyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...

EUVD-2026-19847

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The ENtyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...

EUVD-2026-19845

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...

CVE-2026-39341 SQL injection in ChurchCRM.0

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

CVE-2026-39341

ChurchCRM (open-source church management) is affected by CVE-2026-39341 due to a time-based SQL injection in the Reports/ConfirmReportEmail.php?familyId= endpoint before version 7.1.0. The vulnerability stems from improper input validation and sanitisation where the sanitised input is not used in...

CVE-2026-39340 ChurchCRM has a SQL Injection in PropertyTypeEditor.php via Incorrect Sanitizer Substitution

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property type categories People → Person Properties / Family Properties. The vulnerability was introduced whe...

EUVD-2026-19831

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

CVE-2026-39334

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

CVE-2026-39329 ChurchCRM has a Blind SQL injection in EventNames.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...

CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

EUVD-2026-19822

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

CVE-2026-39326

ChurchCRM (open-source church management system) is affected by a blind SQL injection in /PropertyTypeEditor.php prior to version 7.1.0. An authenticated user with the isMenuOptionsEnabled role can inject arbitrary SQL via the Name and Description parameters, potentially reading and modifying dat...