Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/04/07 5:34 p.m.22 views

CVE-2026-39330 ChurchCRM has a Blind SQL injection in PropertyAssign.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the role Manage Groups & Roles ManageGroups and Edit Records isEditRecordsEnabled can inject arbitrary SQL...

8.8CVSS0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 5:34 p.m.17 views

CVE-2026-39330

ChurchCRM (pre-7.1.0) contains a SQL injection in /PropertyAssign.php exploitable by authenticated users with roles Manage Groups & Roles and Edit Records via the Value parameter. The vulnerability can allow arbitrary SQL execution to read/modify database data. It is fixed in 7.1.0; upgrade to 7....

8.8CVSS6AI score0.00244EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:31 p.m.2 views

CVE-2026-39327

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

8.8CVSS6AI score0.00244EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 5:31 p.m.18 views

CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

8.8CVSS0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 5:31 p.m.3 views

EUVD-2026-19822

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

8.8CVSS6AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 5:31 p.m.2 views

CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

8.8CVSS6AI score0.00244EPSS
Exploits0References1
Rows per page
Query Builder