CVE-2026-44418
UNKNOWN
NVD
CVSS Score: 0
Severity: UNKNOWN
Published: May 13, 2026
Vendor: unknown
Description
EcclesiaCRM is CRM software for church management. In versions 8.0.0 and earlier, the default case of the ValidateInput() function in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any sanitization. This enables SQL injection through query parameters that use non-standard validation types. The issue is caused by an incomplete fix for CVE-2026-35184.
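The two mitigations this description points to, a validator whose default branch rejects unknown types and driver-side parameter binding in place of str_replace, shown as an added example that is not EcclesiaCRM's code. The function names, the type codes 'n' and 'a', the ~name~ marker syntax and the sample table are assumptions made for illustration; it needs PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Hypothetical fail-closed validator: every type is handled explicitly.
function validateParam(string $type, string $raw): int|string
{
    switch ($type) {
        case 'n': // integer
            if (filter_var($raw, FILTER_VALIDATE_INT) === false) {
                throw new InvalidArgumentException('not an integer');
            }
            return (int) $raw;
        case 'a': // short alphanumeric text
            if (!preg_match('/\A[A-Za-z0-9 ]{1,64}\z/', $raw)) {
                throw new InvalidArgumentException('not alphanumeric');
            }
            return $raw;
        default: // the flaw described above is a default branch that returns $raw
            throw new InvalidArgumentException("unknown validation type: $type");
    }
}

// Turn ~name~ markers (assumed syntax) into bound PDO named placeholders.
function runStoredQuery(PDO $db, string $template, array $types, array $post): array
{
    $bound = [];
    $sql = preg_replace_callback('/~(\w+)~/', function (array $m) use ($types, $post, &$bound): string {
        $name = $m[1];
        if (!isset($types[$name], $post[$name]) || !is_string($post[$name])) {
            throw new InvalidArgumentException("missing parameter: $name");
        }
        $bound[":$name"] = validateParam($types[$name], $post[$name]);
        return ":$name"; // the value never becomes part of the SQL text
    }, $template);
    $stmt = $db->prepare($sql);
    $stmt->execute($bound);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE person (id INTEGER, name TEXT)');
$db->exec("INSERT INTO person VALUES (1, 'Ann'), (2, 'Bob')");
$tpl = 'SELECT name FROM person WHERE id = ~pid~';
print_r(runStoredQuery($db, $tpl, ['pid' => 'n'], ['pid' => '2']));
try {
    runStoredQuery($db, $tpl, ['pid' => 'x'], ['pid' => '2']); // unregistered type
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Binding is the primary control here: even if a validation type were mishandled, the bound value would still be treated as data rather than SQL.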