4 matches found
CVE-2026-42289
ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an...
CVE-2026-42289
ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an...
EUVD-2026-29877
ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an...
PT-2026-40459
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.3.2 Description ChurchCRM is an open-source church management system. The UserEditor.php file processes user account creation and permission updates using $ POST parameters without validating Cross-Site Request...