# CVE-2026-40482

> Vulnerability.

## Description

ChurchCRM is an open-source church management system. Versions prior to 7.2.0 are vulnerable to SQL injection in `FinancialService::getMemberByScanString()`, where the unsanitized `$routeAndAccount` value is concatenated into raw SQL. This issue has been fixed in version 7.2.0.

## Key facts

- **CVE ID:** CVE-2026-40482
- **Published:** 2026-04-18
- **CWE codes:** CWE-89

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40482

## Citation

> AI Analytics. CVE-2026-40482. Retrieved 2026-06-26 from https://api.ai-analytics.org/cve/CVE-2026-40482. Derived from NIST NVD. Licensed CC0.
