CVE-2026-39342

Published: Apr 7, 2026

Modified: Apr 9, 2026

PUBLISHED

Description

ChurchCRM is an open-source church management system. In versions prior to 7.1.0, the searchwhat parameter of QueryView.php, when requested with QueryID=15, is vulnerable to SQL injection. Exploitation requires an authenticated user with access to Data/Reports > Query Menu and to the "Advanced Search" query. This vulnerability is fixed in 7.1.0.

Vendor: ChurchCRM

Product: CRM

Versions: affected < 7.1.0

Weaknesses (CWE)
