CVE-2026-40482
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Apr 18, 2026
Vendor
unknown
Description
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0.