CVE-2026-35184

Published: Apr 6, 2026

Modified: Apr 7, 2026

PUBLISHED

Description

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0.

Vendor	Product	Versions
phili67	ecclesiacrm	affected `< 8.0.0`

Weaknesses (CWE)

CWE-89

References

https://github.com/phili67/ecclesiacrm/security/advisories/GHSA-gjw3-73q9-v2qh

x_refsource_CONFIRM

https://github.com/phili67/ecclesiacrm/pull/2861

x_refsource_MISC

https://github.com/phili67/ecclesiacrm/commit/f743b97f89da469a4c70b82bd61d0a59a3a957a9

x_refsource_MISC

https://gist.github.com/NicolasPauferro/d877992327592f1e8eb4e2c9dce1ae9b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-35184

Description

Affected Products

Weaknesses (CWE)

References