Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-6628

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-44418

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

8.7CVSS5.6AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:58 p.m.9 views

CVE-2026-44418

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

9.8CVSS5.9AI score0.0035EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/20 10:16 a.m.7 views

CVE-2026-6628

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS0.00196EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 10:0 a.m.5 views

CVE-2026-6628 phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 10:0 a.m.5 views

CVE-2026-6628

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/20 10:0 a.m.39 views

CVE-2026-6628 phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33750

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/04/06 7:21 p.m.20 views

CVE-2026-35184

CVE-2026-35184 affects EcclesiaCRM prior to version 8.0.0, where a SQL injection vulnerability exists in the file v2/templates/query/queryview.php via the custom and value parameters. The issue is fixed in 8.0.0. Severity is reported as CRITICAL (CVSS 3.1/8.7+; CVSS 3.1/9.8 in other advisories), ...

9.8CVSS5.9AI score0.0035EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder