๐Ÿ” CVE Alert

CVE-2026-35184

CRITICAL 9.8

EcclesiaCRM has a Critical SQL Injection

CVSS Score 9.8
EPSS Score 0.0%
EPSS Percentile 9th

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0.

CWE CWE-89
Vendor phili67
Product ecclesiacrm
Published Apr 6, 2026
Last Updated Apr 7, 2026
Affected Versions

phili67 / ecclesiacrm
< 8.0.0

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/phili67/ecclesiacrm/security/advisories/GHSA-gjw3-73q9-v2qh
github.com: https://github.com/phili67/ecclesiacrm/pull/2861
github.com: https://github.com/phili67/ecclesiacrm/commit/f743b97f89da469a4c70b82bd61d0a59a3a957a9
gist.github.com: https://gist.github.com/NicolasPauferro/d877992327592f1e8eb4e2c9dce1ae9b