
12 matches found

EUVD
added 2026/04/17 10:58 p.m. | 3 views

EUVD-2026-23593

ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...

CVSS 7.1 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/17 10:58 p.m. | 3 views

CVE-2026-40482

ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...

CVSS 7.1 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/02/23 1:20 a.m. | 4 views

CVE-2026-2898

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

CVSS 6.5 | AI score 5.3 | EPSS 0.00036
Exploits: 1 | References: 1

Snyk
added 2026/02/22 3:30 a.m. | 2 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getMember function in the backend endpoint when processing the cloudaccount argument. An attacker can execute code or manipulate application behavior by supplying crafted serialized data. Detail...

CVSS 6.5 | AI score 6.1 | EPSS 0.00036
Exploits: 1 | References: 2

Cvelist
added 2026/02/22 12:2 a.m. | 27 views

CVE-2026-2898 funadmin Backend Endpoint AuthCloudService.php getMember deserialization

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

CVSS 6.5 | EPSS 0.00036
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/25 8:32 p.m. | 2 views

CVE-2025-15086 youlaitech youlai-mall MemberController.java getMemberByMobile access control

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...

CVSS 5.3 | AI score 4.7 | EPSS 0.00031
Exploits: 1 | References: 4

CVE
added 2025/12/25 8:32 p.m. | 8 views

CVE-2025-15086

CVE-2025-15086 affects youlaitech youlai-mall versions 1.0.0–2.0.0. The vulnerability is in the getMemberByMobile function of mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java, causing improper access controls. The issue can be exploited remotely and the exp...

CVSS 5.3 | AI score 6.3 | EPSS 0.00031
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/25 8:32 p.m. | 18 views

CVE-2025-15086 youlaitech youlai-mall MemberController.java getMemberByMobile access control

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated...

CVSS 5.3 | EPSS 0.00031
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/25 12:0 a.m. | 2 views

PT-2025-53413

Name of the Vulnerable Software and Affected Versions: youlaitech youlai-mall versions 1.0.0 through 2.0.0. Description: A weakness exists that causes improper access controls. The issue impacts the getMemberByMobile function within the file...

CVSS 5.3 | AI score 6.3 | EPSS 0.00031
Exploits: 1 | References: 10

CVE
added 2025/12/05 12:2 a.m. | 7 views

CVE-2025-14052

The CVE-2025-14052 issue affects youlaitech youlai-mall versions 1.0.0 through 2.0.0, specifically the getMemberById function in /mall-ums/app-api/v1/members/. The vulnerability stems from improper access controls when handling the memberId argument, enabling remote exploitation. Public exploit d...

CVSS 6.5 | AI score 6.4 | EPSS 0.00032
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/05 12:2 a.m. | 27 views

CVE-2025-14052 youlaitech youlai-mall members getMemberById access control

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out...

CVSS 6.5 | EPSS 0.00032
Exploits: 1 | References: 4

OSV
added 2025/05/25 1:15 p.m. | 0 views

CVE-2025-5149

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...

CVSS 8.1 | AI score 4.8
Exploits: 0 | References: 4