Back to CVE List

CVE-2026-39341

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Vulnerability Description

ChurchCRM is an open-source church management system. Prior to 7.1.0, The application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not used to create the SQL query. This vulnerability is fixed in 7.1.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
ChurchCRM
Product
CRM

External References

Discussion (0)

Add Comment

No comments yet. Be the first!