Security Advisory

CVE-2026-39342

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-07 18:02:40

Last updated 2026-04-09 16:03:35

Assigner GitHub_M

State PUBLISHED

Description

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports > Query Menu and access to the "Advanced Search" query. This vulnerability is fixed in 7.1.0.

← Browse all CVEs View on cve.org ↗