SQL Injection in Phili67 EcclesiaCRM

CVE-2026-44418

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any san…

Vulnerability class: SQL Injection

EPSS: 0.000 (10.3th percentile)

Affected products

Weakness classification (CWE)

References