CVE-2026-44418

Published: May 13, 2026

Modified: May 14, 2026

PUBLISHED

Description

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any sanitization, enabling SQL injection through query parameters that use non-standard validation types. This is caused by an incomplete fix for CVE-2026-35184.
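
The pattern the description names, a validator whose default case returns input unchecked, is shown here beside a deny-by-default form that binds values instead of substituting them into SQL text. This is an added illustration, not EcclesiaCRM source: the function names other than str_replace, the type codes 'n' and 'a', and the sample table are assumptions.

```php
<?php
// Added illustration with hypothetical names and type codes; not EcclesiaCRM source.

// Pattern from the description: known types are checked, anything else falls
// through the default case unchecked and is later spliced into SQL text.
function validateInputWeak(string $type, string $value): string
{
    switch ($type) {
        case 'n': // numeric
            if (!ctype_digit($value)) { throw new InvalidArgumentException('not numeric'); }
            return $value;
        default:
            return $value; // unknown type: no validation at all
    }
}

// Hardened form: unknown validation types are rejected (deny by default).
function validateInputStrict(string $type, string $value)
{
    switch ($type) {
        case 'n': // numeric
            if (!ctype_digit($value)) { throw new InvalidArgumentException('not numeric'); }
            return (int) $value;
        case 'a': // short free text
            if (!preg_match('/\A[\w \-]{1,64}\z/', $value)) { throw new InvalidArgumentException('unexpected characters'); }
            return $value;
        default:
            throw new InvalidArgumentException("unsupported validation type: $type");
    }
}

// Values are bound to named placeholders instead of substituted with str_replace.
function runStoredQuery(PDO $db, string $sql, array $paramTypes, array $post): array
{
    $stmt = $db->prepare($sql);
    foreach ($paramTypes as $name => $type) {
        $raw = $post[$name] ?? null;
        if (!is_string($raw)) { throw new InvalidArgumentException("missing parameter: $name"); }
        $value = validateInputStrict($type, $raw);
        $stmt->bindValue(":$name", $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE person (id INTEGER, last_name TEXT)");
$db->exec("INSERT INTO person VALUES (1, 'Smith'), (2, 'Jones')");
print_r(runStoredQuery($db, 'SELECT last_name FROM person WHERE id = :id', ['id' => 'n'], ['id' => '2']));
```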

Affected products

Vendor: phili67
Product: ecclesiacrm
Versions: affected <= 8.0.0

Weaknesses (CWE)
