VYPR
Vendor: Ecclesiacrm

Products: 1
CVEs: 3
Across products: 3
Status: Private

Products (1)

Recent CVEs (3)

  • CVE-2026-35184 | Critical | Apr 6, 2026
    risk 0.57 cvss 9.8 epss 0.00

    EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0.

  • CVE-2026-44418 | High | May 13, 2026
    risk 0.50 cvss epss 0.00

    EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any sanitization, enabling SQL injection…

  • CVE-2026-6628 | Medium | Apr 20, 2026
    risk 0.41 cvss 6.3 epss 0.00

    A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes SQL injection. The attack can be initiated remotely. The…