Churchcrm Crm

65 CVEs affecting Churchcrm Crm. Latest disclosed: 2026-05-12. Critical: 10, High: 30.

Top CVEs affecting Churchcrm Crm
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42288 | Critical | 10.0 | 2026-05-12 | ChurchCRM is an open-source church management system. Prior to 7.3.2, the fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vu… |
| CVE-2026-39337 | Critical | 10.0 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wiza… |
| CVE-2025-68110 | Critical | 10.0 | 2025-12-17 | ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, use… |
| CVE-2025-62521 | Critical | 10.0 | 2025-12-17 | ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wi… |
| CVE-2026-44547 | Critical | 9.6 | 2026-05-12 | ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then si… |
| CVE-2025-68112 | Critical | 9.6 | 2025-12-17 | ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows aut… |
| CVE-2026-40484 | Critical | 9.1 | 2026-04-17 | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents… |
| CVE-2026-39339 | Critical | 9.1 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/… |
| CVE-2026-35573 | Critical | 9.1 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authent… |
| CVE-2025-68109 | Critical | 9.1 | 2025-12-17 | ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file exte… |
| CVE-2026-39328 | High | 8.9 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing… |
| CVE-2026-42289 | High | 8.8 | 2026-05-12 | ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_… |
| CVE-2026-39319 | High | 8.8 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.ph… |
| CVE-2026-39334 | High | 8.8 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in Churc… |
| CVE-2026-39330 | High | 8.8 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM… |
| CVE-2026-39329 | High | 8.8 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authentica… |
| CVE-2026-39327 | High | 8.8 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchC… |
| CVE-2026-39326 | High | 8.8 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in Churc… |
| CVE-2026-39318 | High | 8.8 | 2026-04-07 | ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints `/GroupPropsFormRowOps.php`… |
| CVE-2026-24854 | High | 8.8 | 2026-01-30 | ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior to version 6.7… |