{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-35567/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35567"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-35567","sql-injection","churchcrm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eChurchCRM, an open-source church management system, is susceptible to SQL injection attacks in versions prior to 7.1.0. The vulnerability, identified as CVE-2026-35567, resides in the \u003ccode\u003esrc/MemberRoleChange.php\u003c/code\u003e file, specifically within the \u003ccode\u003eNewRole\u003c/code\u003e POST parameter. Exploitation requires an attacker to have an authenticated session with the \u003ccode\u003eManageGroups\u003c/code\u003e role, along with knowledge of valid \u003ccode\u003eGroupID\u003c/code\u003e and \u003ccode\u003ePersonID\u003c/code\u003e values, which can be obtained from the \u003ccode\u003eGroupView\u003c/code\u003e or \u003ccode\u003ePersonView\u003c/code\u003e pages. Successful exploitation can lead to unauthorized data access, modification, or deletion within the ChurchCRM database. The vulnerability is resolved in ChurchCRM version 7.1.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains authenticated access to ChurchCRM with a user account possessing the \u003ccode\u003eManageGroups\u003c/code\u003e role.\u003c/li\u003e\n\u003cli\u003eAttacker identifies valid \u003ccode\u003eGroupID\u003c/code\u003e and \u003ccode\u003ePersonID\u003c/code\u003e values by browsing the \u003ccode\u003eGroupView\u003c/code\u003e or \u003ccode\u003ePersonView\u003c/code\u003e pages.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP POST request targeting \u003ccode\u003esrc/MemberRoleChange.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the \u003ccode\u003eNewRole\u003c/code\u003e parameter containing a crafted SQL injection payload, exploiting the lack of proper integer validation.\u003c/li\u003e\n\u003cli\u003eThe application executes the SQL query incorporating the injected payload.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive data from the database, modifies existing data, or injects malicious data.\u003c/li\u003e\n\u003cli\u003eThe attacker could leverage the SQL injection to create a new administrative user.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the new administrative account to take complete control of the ChurchCRM instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-35567) in ChurchCRM can result in the complete compromise of the application\u0026rsquo;s database. An attacker can gain unauthorized access to sensitive church member data, including personally identifiable information (PII). This can lead to data breaches, identity theft, and financial fraud. Malicious actors could also modify or delete data, disrupting church operations and potentially causing reputational damage. The impact is critical, especially considering the sensitive nature of the data managed by ChurchCRM.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ChurchCRM installations to version 7.1.0 or later to remediate the SQL injection vulnerability (CVE-2026-35567).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect suspicious POST requests to \u003ccode\u003esrc/MemberRoleChange.php\u003c/code\u003e containing potential SQL injection attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual activity related to \u003ccode\u003eMemberRoleChange.php\u003c/code\u003e, especially concerning the \u003ccode\u003eNewRole\u003c/code\u003e parameter (webserver log source).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures for all user-supplied data, focusing on integer validation for parameters like \u003ccode\u003eNewRole\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T16:16:29Z","date_published":"2026-04-07T16:16:29Z","id":"/briefs/2026-04-churchcrm-sqli/","summary":"ChurchCRM versions prior to 7.1.0 are vulnerable to SQL injection via the NewRole POST parameter, allowing authenticated users with the ManageGroups role to execute arbitrary SQL commands.","title":"ChurchCRM SQL Injection Vulnerability (CVE-2026-35567)","url":"https://feed.craftedsignal.io/briefs/2026-04-churchcrm-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-35567","version":"https://jsonfeed.org/version/1.1"}