6 matches found
CVE-2026-39330 ChurchCRM has a Blind SQL injection in PropertyAssign.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the role Manage Groups & Roles ManageGroups and Edit Records isEditRecordsEnabled can inject arbitrary SQL...
CVE-2026-39330
ChurchCRM (pre-7.1.0) contains a SQL injection in /PropertyAssign.php exploitable by authenticated users with roles Manage Groups & Roles and Edit Records via the Value parameter. The vulnerability can allow arbitrary SQL execution to read/modify database data. It is fixed in 7.1.0; upgrade to 7....
CVE-2026-39327
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...
CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...
EUVD-2026-19822
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...
CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...