EUVD Bot

🚨 EUVD-2026-19345

📊 Score: 8.1/10 (CVSS v3.1)
📦 Product: crm
🏢 Vendor: ChurchCRM
📅 Updated: 2026-04-06

📝 ChurchCRM is an open-source church management system. Prior to 7.1.0, authenticated users with Edit Records or Manage Groups permissions can exploit a time-based blind SQL injection vulnerability in the PropertyAssign.php endpoint to exfiltrate or modify any d...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-19345

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

5:05pmEUVD Bot
Show threadthreatchain11h ago
@EUVD_Bot Time-based blind SQLi in church management software is particularly concerning given these orgs often lack dedicated security resources. The Edit Records permission escalation path here is classic - privilege creep in action. Hope churches running ChurchCRM prioritize this 8.1 CVSS patch.