EUVD-2026-19831

| CVE-2026-39334 HIGH
2026-04-07 GitHub_M
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 07, 2026 - 18:00 euvd
EUVD-2026-19831
Analysis Generated
Apr 07, 2026 - 18:00 vuln.today
CVE Published
Apr 07, 2026 - 17:38 nvd
HIGH 8.8

Tags

PHP SQLi

Description

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via the index and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0.

Analysis

SQL injection in ChurchCRM 7.0.5 /SettingsIndividual.php endpoint allows authenticated low-privilege users to extract, modify, or delete database contents remotely. The vulnerability exploits insufficient input validation on the type array parameter, enabling arbitrary SQL statement execution. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all systems running ChurchCRM 7.0.5 and document current user privilege assignments. Within 7 days: Upgrade ChurchCRM to version 7.1.0 or later; test in staging environment first. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

44
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +44
POC: 0

Share

EUVD-2026-19831 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy