CVE-2026-39343

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.1.0

Description ChurchCRM, an open-source church management system, contains a SQL injection issue in the EditEventTypes.php file, accessible to administrators. The EN tyid POST parameter is not properly sanitized before being used in a SQL query, potentially allowing an administrator to execute arbitrary SQL commands against the database.

Recommendations Update to version 7.1.0 or later.