2026-04-07 17:20:02
GitHub_M
PUBLISHED
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in ChurchCRMs SettingsIndividual.php where user-controlled array keys from the type POST parameter are used directly in SQL queries without sanitization. This allows any authenticated user to extract sensitive data from the database. This vulnerability is fixed in 7.1.0.