
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in Church…

Published:

6 April 2026 at 22:00:00

Alert date:

7 April 2026 at 19:08:14

Source:

nvd.nist.gov

Web Technologies, Database & Storage

ChurchCRM, an open-source church management system, contains an SQL injection vulnerability in versions prior to 7.1.0, including 7.0.5. The vulnerability exists in the /SettingsIndividual.php endpoint, where authenticated users without specific privileges can inject arbitrary SQL statements through the index of the type array parameter. This allows attackers to extract and modify database information. The vulnerability has been fixed in version 7.1.0.
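
The index of a request array is client-controlled in the same way as its values, so it needs the same validation and parameter binding. The following PHP is an added example, not ChurchCRM's code or its 7.1.0 fix; the `user_settings` table, `saveUserSettings()`, the `$values` array and the allowed type names are hypothetical, and it assumes the `pdo_sqlite` extension is available.

```php
<?php
declare(strict_types=1);

// Hypothetical handler, not ChurchCRM code. $types stands in for the request's
// "type" array (e.g. $_POST['type']); $values is an assumed companion array.
// Both are keyed by setting id, and the client chooses keys as well as values.
//
// Unsafe pattern this avoids: treating the key as trusted SQL text, e.g.
//   foreach ($types as $id => $t) { $db->exec("... WHERE setting_id = $id"); }
function saveUserSettings(PDO $db, int $personId, array $types, array $values): array
{
    $allowedTypes = ['text', 'number', 'boolean'];
    $update = $db->prepare(
        'UPDATE user_settings SET value = :v WHERE setting_id = :id AND person_id = :p'
    );
    $rejected = [];
    foreach ($types as $key => $type) {
        // PHP casts the key "3" to int 3 but keeps "3 OR 1=1" as a string.
        $id = filter_var($key, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $value = $values[$key] ?? null;
        $ok = $id !== false
            && in_array($type, $allowedTypes, true)
            && is_string($value)
            && ($type !== 'number' || is_numeric($value));
        if (!$ok) {
            $rejected[] = $key;   // log and skip; never fall back to raw SQL
            continue;
        }
        // Key and value travel as bound parameters, never as SQL text.
        $update->execute([':v' => $value, ':id' => $id, ':p' => $personId]);
    }
    return $rejected;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_settings (setting_id INTEGER, person_id INTEGER, value TEXT)');
$db->exec("INSERT INTO user_settings VALUES (1, 7, 'old'), (1, 8, 'other user')");

// The second key is a constructed non-integer index of the kind the advisory describes.
$types  = [1 => 'text', '1 OR 1=1' => 'text'];
$values = [1 => 'new',  '1 OR 1=1' => 'x'];

var_dump(saveUserSettings($db, 7, $types, $values));
var_dump($db->query('SELECT person_id, value FROM user_settings ORDER BY person_id')
    ->fetchAll(PDO::FETCH_NUM));
```

In a real handler the validated integer key should also be checked against the set of setting ids the current user is allowed to change.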

Technical details

Affected products:

ChurchCRM

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
