26 matches found
CVE-2026-6628
CVE-2026-6628 affects phili67 Ecclesia CRM up to version 8.0.0. The vulnerability is in the Query Viewer Component, specifically the ValidateInput function under /v2/query/view/, where manipulation of the custom argument leads to SQL injection. The issue can be triggered remotely and the exploit ...
CVE-2026-6628 phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...
CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
CVE-2026-39342 ChurchCRM has a SQL injection searchwhat parameter via QueryView.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
EUVD-2026-19845
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
PT-2026-30965
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.1.0 Description ChurchCRM, an open-source church management system, has an issue where the searchwhat parameter in 'QueryView.php' with 'QueryID=15' is susceptible to SQL injection. An authenticated user needs...
CVE-2026-35184 EcclesiaCRM has a Critical SQL Injection
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...
BIT-AIRFLOW-2020-17513
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable for SSRF attack...
CVE-2023-38770
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php...
GHSA-RCGC-4XFC-564V TYPO3 Insecure Deserialization in Query Generator & Query View
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...
GHSA-6MH3-J5R5-2379 Cross-Site Scripting in Query Generator & Query View
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.5 Problem Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileg...
TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-010...
Cross-Site Scripting in Query Generator & Query View
Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability...
PT-2021-3865 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.28 TYPO3 versions 10.0.0 through 10.4.17 TYPO3 versions 11.0.0 through 11.3.0 Description: The issue is related to the components QueryGenerator and QueryView in the TYPO3 content management system, which are...
GHSA-6R3P-FCVM-XH7C SSRF vulnerability in Apache Airflow
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable for SSRF attack...
CVE-2020-17513
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable for SSRF attack...
PYSEC-2020-20
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable for SSRF attack...
Server side request forgery (ssrf)
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable for SSRF attack...