VYPR
High severity7.2NVD Advisory· Published Apr 7, 2026· Updated Apr 10, 2026

CVE-2026-39325

CVE-2026-39325

Description

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*range: <7.1.0
    • (no CPE)range: <7.1.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2026-39325 · High · VYPR