ByteOS Network

phili67

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-6628

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-Not Assigned

Published-20 Apr, 2026 | 10:00

Updated-20 Apr, 2026 | 10:54

phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-phili67

Product-Ecclesia CRM

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-35184

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.7||HIGH

EPSS-0.03% / 8.60%

7 Day CHG-0.00%

Published-06 Apr, 2026 | 19:21

Updated-16 Apr, 2026 | 04:35

EcclesiaCRM has a Critical SQL Injection

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0.

Vendor-ecclesiacrm phili67

Product-ecclesiacrm ecclesiacrm

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')