CNNVD-202601-5010 Information

CNNVD ID

CNNVD-202601-5010

Related CVE

CVE-2026-24854

• CNNVD Published: 2026-01-30

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.7.2之前版本存在SQL注入漏洞，该漏洞源于对/PaddleNumEditor.php端点中PerID参数验证不足，可能导致SQL注入攻击。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. The pre-ChurchCRM version 6.7.2 contains an injection loophole in SQL, which results from inadequate verification of PerID parameters at /PaddleNumEditor.php endpoint, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

ChurchCRM

Published

2026-01-30

Last Modified

2026-02-24

References

http://github.com/ChurchCRM/CRM/commit/748f5084fc06c5e12463dc7fdd62d1d31fc08d38 https://github.com/ChurchCRM/CRM/security/advisories/GHSA-p3q7-q68q-h2gr https://access.redhat.com/security/cve/cve-2026-24854

Patch

https://churchcrm.io/install.html