18 matches found
CVE-2026-39343
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The ENtyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...
CVE-2026-39343
ChurchCRM prior to version 7.1.0 contains a SQL injection vulnerability in EditEventTypes.php, exploitable via unsanitized EN_tyid in a POST request by an administrator. The flaw allows arbitrary SQL execution against the database, with high impact on confidentiality, integrity, and availability ...
CVE-2026-39343 ChurchCRM has a SQL Injection in Event Type Editor (Admin)
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The ENtyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...
ChurchCRM security vulnerability
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contain a security vulnerability. It stems from the ENtyid parameter in the EditEventTypes.php file not being properly sanitized, which can lead to SQL injection attacks...
CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the ENtyid POST parameter is not sanitized. This allows an authenticated user with event managemen...
EUVD-2023-33379
Malicious code in bioql PyPI...
CVE-2023-29842
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection Time-based via the ENtyid POST parameter...
ChurchCRM SQL Injection Vulnerability (CNVD-2023-64496)
ChurchCRM is an open source CRM system for churches. ChurchCRM version 4.5.4 suffers from a SQL injection vulnerability that stems from a lack of validation of the ENtyid parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL command...
CVE-2023-29842
ChurchCRM 4.5.4 is vulnerable to a Blind SQL Injection (time-based) on the endpoint /EditEventTypes.php via the EN_tyid POST parameter. The root cause is unsanitized user input used in an SQL query, enabling potential data exposure or manipulation. An exploited PoC has been published publicly (Pa...
ChurchCRM SQL injection vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM version 4.5.4 suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied input in the ENtyid parameter before it is used in SQL statements. An attacker can exploit this vulnerability to execute illegal SQL command...
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized ENtyid, theID and EID fields used when an Edit action on an existing record is being performed...
ChurchCRM SQL injection vulnerability
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM versions 2.0.0 through 4.4.5. An attacker can exploit the vulnerability to issue arbitrary SQL commands to the database via the unsanitized ENtyid, ID, and EID fields...