ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation3 reference(s) from NVD