CVE-2026-40482 | ChurchCRM up to 7.1.x getMemberByScanString routeAndAccount sql injection (GHSA-hc37-vx3w-34fg)
A vulnerability identified as critical has been detected in ChurchCRM up to 7.1.x. It affects the function FinancialService::getMemberByScanString. Manipulation of the argument routeAndAccount causes SQL injection.
This vulnerability is tracked as CVE-2026-40482. The attack can be initiated remotely. No exploit is available.
You should upgrade the affected component.