CVE-2026-39327

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

CVE-2026-39327

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

CVE-2026-39327

CVE-2026-39327 : ChurchCRM (open-source church management system) has a SQL injection in the /MemberRoleChange.php endpoint. The flaw affects ChurchCRM 7.0.5, prior to 7.1.0. Authenticated users with the Manage Groups & Roles (ManageGroups) permission can inject arbitrary SQL statements via the N...

CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

EUVD-2026-19822

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

CVE-2026-35567

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a duplicate of CVE-2026-39327. Notes: All CVE users should reference CVE-2026-39327 instead of this candidate. All references and descriptions in this candidate have been removed to...

CVE-2026-35567

ChurchCRM Before version 7.1.0, the POST parameter NewRole in src/MemberRoleChange.php is used in an SQL query without proper integer validation, allowing an authenticated user with the ManageGroups role to inject arbitrary SQL. Requires knowledge of a valid GroupID and PersonID (obtainable from ...

CVE-2026-35567

...

CVE-2026-35567

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a duplicate of CVE-2026-39327. Notes: All CVE users should reference CVE-2026-39327 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...

EUVD-2026-19722

ChurchCRM is an open-source church management system. Prior to 7.1.0, the NewRole POST parameter in src/MemberRoleChange.php is used in an SQL query without proper integer validation, allowing authenticated users to inject arbitrary SQL. The attack requires an authenticated session with...

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the NewRole parameter at the /MemberRoleChange.php endpoint, which could lead to SQL injection attacks...

PT-2026-30951

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

[SECURITY] Fedora 25 Update: policycoreutils-2.5-17.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the policycoreutils-newrole-2.0.83 package in the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

[SECURITY] Fedora 14 Update: policycoreutils-2.0.85-19.fc14

Security-enhanced Linux is a feature of the Linux=C2=AE kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security o...

PT-2011-1128 · Red Hat · Selinux-Policy-Minimum +11

Name of the Vulnerable Software and Affected Versions: policycoreutils versions 2.0.83 and earlier policycoreutils-sandbox version 2.0.83 policycoreutils-python version 2.0.83 policycoreutils-debuginfo version 2.0.83 policycoreutils-newrole version 2.0.83 policycoreutils-gui version 2.0.83...