CVE-2026-42288

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.3.2

Description A pre-authentication remote code execution issue exists in the setup wizard. The flaw allows for remote code execution via the unsanitized DB PASSWORD variable.

Recommendations Update to version 7.3.2.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-42288

Affected Products

Churchcrm

CVE-2026-42288

Weakness Enumeration

Related Identifiers

Affected Products

References · 6