CVE-2026-34402 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

ChurchCRM is an open-source church management system. Prior to 7.1.0, authenticated users with Edit Records or Manage Groups permissions can exploit a time-base…
High CVSS: 8.1

CVE-2026-34402

ChurchCRM is an open-source church management system. Prior to 7.1.0, authenticated users with Edit Records or Manage Groups permissions can exploit a time-based blind SQL injection vulnerability in the PropertyAssign.php endpoint to exfiltrate or modify any database content, including user credentials, personal identifiable information (PII), and configuration secrets. This vulnerability is fixed in 7.1.0.
Vendor
-
Product
-
CWE
CWE-89
Yayın Tarihi
2026-04-06 16:16:35
Güncelleme
2026-04-07 13:20:11
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-89 HIGH 2026

Referanslar

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-r57q-r5v3-v5h8