Tag
high
advisory
ChurchCRM Time-Based Blind SQL Injection Vulnerability (CVE-2026-34402)
2 rules 1 TTP 1 CVECVE-2026-34402 is a time-based blind SQL injection vulnerability in ChurchCRM versions prior to 7.1.0. Authenticated users with Edit Records or Manage Groups permissions can exploit the PropertyAssign.php endpoint to exfiltrate or modify database content, including user credentials, PII, and configuration secrets.
sqlinjection
cve-2026-34402
churchcrm
webserver
2r
1t
1c
high
advisory
SQL Injection Vulnerability in Easy Blog Site 1.0
2 rules 1 TTP 1 CVEA SQL injection vulnerability exists in code-projects Easy Blog Site 1.0 within the login.php file, exploitable remotely by manipulating the username/password parameters, potentially leading to unauthorized database access.
sqlinjection
cve-2026-5646
webapplication
2r
1t
1c