CVE-2026-6628 | phili67 Ecclesia CRM up to 8.0.0 Query Viewer /v2/query/view/ ValidateInput custom sql injection

SecurityVulns

A vulnerability classified as critical has been found in phili67 Ecclesia CRM up to 8.0.0. It affects the function ValidateInput of the file /v2/query/view/ in the Query Viewer component. Manipulation of the argument custom leads to SQL injection.

This vulnerability is handled as CVE-2026-6628. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.