High severity · NVD Advisory · Published May 13, 2026 · Updated May 14, 2026
CVE-2026-44418
Description
EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any sanitization, enabling SQL injection through query parameters that use non-standard validation types. This is caused by an incomplete fix for CVE-2026-35184.
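The pattern described above, as an added sketch that is not EcclesiaCRM source code: a validator whose default case returns the raw value, next to a form that fails closed and binds parameters. The function names, the type codes, the `~name~` placeholder syntax and the sample table are assumptions made for the illustration.

```php
<?php
// Added illustration, not EcclesiaCRM source. Function names, type codes,
// the ~name~ placeholder syntax and the table are assumptions.

// Pattern from the description: a validation type the switch does not know
// falls through to a default case that returns the raw POST value.
function validateWeak(string $type, string $value)
{
    switch ($type) {
        case 'n': return is_numeric($value) ? $value : false;
        default:  return $value;                 // no check at all
    }
}

// The returned value is then spliced into the SQL text with str_replace().
function buildWeak(string $sql, array $types, array $post)
{
    foreach ($types as $name => $type) {
        $v = validateWeak($type, $post[$name] ?? '');
        if ($v === false) { return false; }
        $sql = str_replace("~$name~", $v, $sql);
    }
    return $sql;
}

// Hardened form: unknown types fail closed, and each placeholder becomes a
// named bind parameter, so the value never enters the SQL text.
function validateStrict(string $type, string $value)
{
    switch ($type) {
        case 'n': return is_numeric($value) ? $value : false;
        case 't': return strlen($value) <= 255 ? $value : false; // bound, never spliced
        default:  return false;
    }
}

function buildStrict(string $sql, array $types, array $post)
{
    $bind = [];
    foreach ($types as $name => $type) {
        $v = validateStrict($type, $post[$name] ?? '');
        if ($v === false) { return false; }
        $sql = str_replace("~$name~", ":$name", $sql);
        $bind[":$name"] = $v;
    }
    return [$sql, $bind];   // hand to PDO::prepare($sql) and execute($bind)
}

// Constructed input: a parameter declared with a non-standard type code.
$sql = 'SELECT id FROM members WHERE group_id = ~gid~';
var_dump(buildWeak($sql, ['gid' => 'x'], ['gid' => '0 OR 1=1']));
var_dump(buildStrict($sql, ['gid' => 'x'], ['gid' => '0 OR 1=1']));
var_dump(buildStrict($sql, ['gid' => 'n'], ['gid' => '7']));
```

With bound parameters, query templates must not wrap placeholders in quotes, since the driver supplies the value separately from the statement text.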
Affected products
- (no CPE)
- (no CPE), range: <=8.0.0