CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote malicious users to execute arbitrary code via crafted CSV file.
churchcrm churchcrm 4.2.0