CVE-2026-44418

Vulnerability Description

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any sanitization, enabling SQL injection through query parameters that use non-standard validation types. This is caused by an incomplete fix for CVE-2026-35184.
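The pattern described above, a validation switch whose default case returns the value untouched before str_replace splices it into the SQL text, is shown here beside a hardened form. This is an added illustration, not EcclesiaCRM's code: the function names, the ~name~ placeholder syntax, the type codes and the sample input are all constructed assumptions.

```php
<?php
// Constructed illustration, not EcclesiaCRM source. Function names, the
// ~name~ placeholder syntax and the type codes are hypothetical.
// Weak pattern: known types are checked, the default case returns the raw value.
function validateInputWeak(string $type, string $value): string
{
    switch ($type) {
        case 'n': // numeric
            if (!is_numeric($value)) {
                throw new InvalidArgumentException('not numeric');
            }
            return $value;
        default: // any other type falls through unchecked
            return $value;
    }
}

function buildSqlWeak(string $sql, array $types, array $post): string
{
    foreach ($types as $name => $type) {
        $sql = str_replace("~$name~", validateInputWeak($type, $post[$name] ?? ''), $sql);
    }
    return $sql; // request data is now part of the statement text
}

// Hardened pattern: unknown types are rejected and values are bound, not spliced.
function buildSqlSafe(string $sql, array $types, array $post): array
{
    $bind = [];
    foreach ($types as $name => $type) {
        $value = (string) ($post[$name] ?? '');
        if ($type === 'n' && is_numeric($value)) {
            $value = $value + 0;
        } elseif ($type !== 't') { // 't' = free text, safe only because it is bound
            throw new InvalidArgumentException("rejected $name (type $type)");
        }
        $sql = str_replace(["'~$name~'", "~$name~"], ":$name", $sql);
        $bind[":$name"] = $value;
    }
    return [$sql, $bind]; // hand to $pdo->prepare($sql)->execute($bind)
}

// Constructed input: a parameter whose type is not one the validator knows.
$sql  = "SELECT id FROM person WHERE last_name = '~name~'";
$post = ['name' => "O'Brien"];
echo buildSqlWeak($sql, ['name' => 'x'], $post), PHP_EOL; // the quote ends the literal early
[$safeSql, $bind] = buildSqlSafe($sql, ['name' => 't'], $post);
echo $safeSql, ' ', json_encode($bind), PHP_EOL;
try { buildSqlSafe($sql, ['name' => 'x'], $post); } catch (InvalidArgumentException $e) { echo $e->getMessage(), PHP_EOL; }
```

The hardened version fails closed on any type it does not recognise, which is the property an allow-list validator needs when a fix for one type is not to leave the others exposed.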

Related Weaknesses (CWE)

References

FAQ

What is CVE-2026-44418?

CVE-2026-44418 is a documented vulnerability. EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL ...

How severe is CVE-2026-44418?

CVSS scoring is not yet available for CVE-2026-44418. Check NVD for updates.

Is there a patch for CVE-2026-44418?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.