High severity 8.8 · NVD Advisory · Published Apr 7, 2026 · Updated Apr 10, 2026
CVE-2026-39342
Description
ChurchCRM is an open-source church management system. Prior to version 7.1.0, the searchwhat parameter of QueryView.php is vulnerable to SQL injection when the page is requested with QueryID=15. The attacker must be an authenticated user with access to Data/Reports > Query Menu and to the "Advanced Search" query. This vulnerability is fixed in 7.1.0.
References
- github.com/ChurchCRM/CRM/security/advisories/GHSA-7fr4-mvfm-cxfx (source: nvd; tags: Vendor Advisory, Exploit)