
ChurchCRM — Vulnerabilities & Security Advisories 68

Browse all 68 CVE security advisories affecting ChurchCRM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39318 | ChurchCRM has a DDL SQL Injection in GroupPropsFormRowOps.php | CRM | CWE-89 | 8.8 | High | 2026-04-07 |
| CVE-2026-39335 | ChurchCRM has Stored XSS via Unescaped data-* Attributes in Group/Family Controls | CRM | CWE-79 | 6.1 | Medium | 2026-04-07 |
| CVE-2026-35576 | ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php | CRM | CWE-79 | 8.7 | High | 2026-04-07 |
| CVE-2026-35575 | ChurchCRM has Stored XSS in Group Name | CRM | CWE-79 | 8.0 | High | 2026-04-07 |
| CVE-2026-35572 | SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts | CRM | CWE-918 | 7.1 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-35573 | ChurchCRM has a Path traversal leads to RCE | CRM | CWE-22 | 9.1 | Critical | 2026-04-07 |
| CVE-2026-35574 | ChurchCRM has a Stored XSS in Person Profile - Add a Note | CRM | CWE-79 | 7.3 | High | 2026-04-07 |
| CVE-2026-35534 | ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection | CRM | CWE-79 | 7.6 | High | 2026-04-07 |
| CVE-2026-32880 | ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php | CRM | CWE-79 | 6.4 | Medium | 2026-03-20 |
| CVE-2026-26059 | ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php | CRM | CWE-79 | 5.4 | - | 2026-02-19 |
| CVE-2026-24855 | ChurchCRM has Stored Cross-Site Scripting (XSS) in Create Events in Church Calendar, Leading to Account Takeover | CRM | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-30 |
| CVE-2026-24854 | Church CRM has SQL injection in PaddleNumEditor.php | CRM | CWE-89 | 8.8 | High | 2026-01-30 |
| CVE-2025-68275 | ChurchCRM vulnerable to Stored XSS - Group name > Person Listing | CRM | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-17 |
| CVE-2025-68401 | ChurchCRM has Stored Cross-Site Scripting (XSS) vulnerability that leads to session theft and account takeover | CRM | CWE-79 | 7.6 (AI) | High (AI) | 2025-12-17 |
| CVE-2025-68400 | ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php | CRM | CWE-89 | 8.8 (AI) | High (AI) | 2025-12-17 |
| CVE-2025-68399 | ChurchCRM has Stored Cross-Site Scripting (XSS) In GroupEditor.php | CRM | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-17 |
| CVE-2025-68112 | ChurchCRM has SQL injection in EditEventAttendees.php | CRM | CWE-89 | 9.6 | Critical | 2025-12-17 |
| CVE-2025-68111 | ChurchCRM has SQL Injection in eGive Import Feature | CRM | CWE-89 | 7.2 | High | 2025-12-17 |
| CVE-2025-68110 | ChurchCRM discloses database information on error message | CRM | CWE-200 | 10.0 | Critical | 2025-12-17 |
| CVE-2025-68109 | ChurchCRM vulnerable to RCE with database restore functionality | CRM | CWE-78 | 9.1 | Critical | 2025-12-17 |
| CVE-2025-67877 | ChurchCRM SQL Injection Vulnerability | CRM | CWE-89 | 8.8 (AI) | High (AI) | 2025-12-17 |
| CVE-2025-67876 | ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking | CRM | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-17 |
| CVE-2025-67875 | ChurchCRM has stored XSS via Person Property Assignment Leading to Admin Session Hijacking | CRM | CWE-79 | 7.6 (AI) | High (AI) | 2025-12-17 |
| CVE-2025-66397 | ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control | CRM | CWE-284 | 8.3 | High | 2025-12-17 |
| CVE-2025-66396 | ChurchCRM has SQL Injection in User Editor via `type` Parameter Key | CRM | CWE-89 | 7.2 | High | 2025-12-17 |
| CVE-2025-66395 | SQL Injection in Event List via `WhichType` Parameter | CRM | CWE-89 | 8.8 | High | 2025-12-17 |
| CVE-2025-62521 | ChurchCRM has unauthenticated RCE in its Install Wizard | CRM | CWE-94 | 10.0 | Critical | 2025-12-17 |
| CVE-2025-67751 | ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix | CRM | CWE-89 | 7.2 | High | 2025-12-16 |
| CVE-2025-67874 | ChurchCRM has plaintext password return in response | CRM | CWE-204 | 8.1 (AI) | High (AI) | 2025-12-16 |
| CVE-2025-66313 | ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter | CRM | CWE-89 | 7.7 (AI) | High (AI) | 2025-12-01 |

(AI) marks a CVSS score or severity that the listing displays with its AI badge rather than as an assigned value.

This page lists every published CVE security advisory associated with ChurchCRM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.