CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/12 12:0 a.m.•5 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the CSRF token in the UserEditor.php file, which could allow unauthenticated attackers to gain...

8.8CVSS5.8AI score0.00128EPSS

Exploits0References2

RedhatCVE•added 2026/04/20 7:23 p.m.•1 views

CVE-2026-40593

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor UserEditor.php renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars. An administrator can save a username containing HTML attribute-breaking characte...

NVD•added 2026/04/18 12:16 a.m.•1 views

CVE-2026-40593

4.8CVSS0.002EPSS

CVE•added 2026/04/18 12:2 a.m.•8 views

CVE-2026-40593

CVE-2026-40593 affects ChurchCRM prior to 7.2.0. The issue arises in the UserEditor.php when rendering stored usernames into an HTML input value without applying htmlspecialchars(), allowing an administrator to save a username with HTML attribute-breaking characters and event handlers. When anoth...

Cvelist•added 2026/04/18 12:2 a.m.•27 views

CVE-2026-40593 ChurchCRM: Stored XSS in UserEditor.php via Login Name Field

4.8CVSS0.002EPSS

ATTACKERKB•added 2026/04/18 12:2 a.m.•0 views

CVE-2026-40593

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/18 12:2 a.m.•1 views

CVE-2026-40593 ChurchCRM: Stored XSS in UserEditor.php via Login Name Field

EUVD•added 2026/04/18 12:2 a.m.•3 views

EUVD-2026-23621

CNNVD•added 2026/04/18 12:0 a.m.•7 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the user editor, which directly rendered stored user names as HTML input value attributes without applying...

4.8CVSS5.7AI score0.002EPSS

Exploits0References2

CNVD•added 2025/12/25 12:0 a.m.•1 views

ChurchCRM UserEditor.php File SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the type parameter of the src/UserEditor.php file. No details of the vulnerability are provided at this time...

7.2CVSS5.9AI score0.00346EPSS

RedhatCVE•added 2025/12/18 7:44 p.m.•3 views

CVE-2025-66396

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/UserEditor.php file. When an administrator saves a user's configuration settings, the keys of the type POST parameter array are not properly sanitized or type-casted befor...

7.2CVSS8.4AI score0.00346EPSS

NVD•added 2025/12/17 8:15 p.m.•4 views

CVE-2025-66396

7.2CVSS0.00346EPSS

Cvelist•added 2025/12/17 7:10 p.m.•22 views

CVE-2025-66396 ChurchCRM has SQL Injection in User Editor via `type` Parameter Key

7.2CVSS0.00346EPSS

Vulnrichment•added 2025/12/17 7:10 p.m.•1 views

CVE-2025-66396 ChurchCRM has SQL Injection in User Editor via `type` Parameter Key

7.2CVSS8AI score0.00346EPSS

OSV•added 2025/12/17 7:10 p.m.•4 views

CVE-2025-66396 ChurchCRM has SQL Injection in User Editor via `type` Parameter Key

7.2CVSS8.3AI score0.00346EPSS

Exploits1References3

CVE•added 2025/12/17 7:10 p.m.•11 views

CVE-2025-66396

ChurchCRM exposes a SQL injection in src/UserEditor.php affecting versions prior to 6.5.3. The vulnerability arises when an administrator saves user configuration settings: the code iterates over the POST type parameter array, uses the array key (expected numeric id) directly in SELECT/UPDATE que...

7.2CVSS8AI score0.00346EPSS

Exploits1References1Affected Software1

CNNVD•added 2025/12/17 12:0 a.m.•3 views

ChurchCRM SQL注入漏洞

7.2CVSS5.8AI score0.00346EPSS