6 matches found
CVE-2026-39327
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...
CVE-2026-39327
CVE-2026-39327 : ChurchCRM (open-source church management system) has a SQL injection in the /MemberRoleChange.php endpoint. The flaw affects ChurchCRM 7.0.5, prior to 7.1.0. Authenticated users with the Manage Groups & Roles (ManageGroups) permission can inject arbitrary SQL statements via the N...
CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...
CVE-2026-35567
ChurchCRM Before version 7.1.0, the POST parameter NewRole in src/MemberRoleChange.php is used in an SQL query without proper integer validation, allowing an authenticated user with the ManageGroups role to inject arbitrary SQL. Requires knowledge of a valid GroupID and PersonID (obtainable from ...
CVE-2026-35567
...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the NewRole parameter at the /MemberRoleChange.php endpoint, which could lead to SQL injection attacks...