3 matches found
CVE-2026-39326
ChurchCRM (open-source church management system) is affected by a blind SQL injection in /PropertyTypeEditor.php prior to version 7.1.0. An authenticated user with the isMenuOptionsEnabled role can inject arbitrary SQL via the Name and Description parameters, potentially reading and modifying dat...
CVE-2026-39326 ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with the role isMenuOptionsEnabled can inject arbitrary SQL statements through the Name and Description paramete...
CVE-2026-39326 ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with the role isMenuOptionsEnabled can inject arbitrary SQL statements through the Name and Description paramete...