CVE-2026-35184
🔴 Patch now
SQL injection in EcclesiaCRM allows an attacker to manipulate data.
CVSS
9.8
EPSS
0.0%
Exploit
poc
Vendor
ecclesiacrm
Source description (NVD)
EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0.
exploit sql-injection
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.0% |
| Published (NVD) | 2026-04-06 20:16:26 UTC |
| Last modified (NVD) | 2026-04-16 04:35:50 UTC |
References
- https://gist.github.com/NicolasPauferro/d877992327592f1e8eb4e2c9dce1ae9b (security-advisories@github.com) [Exploit, Third Party Advisory]
- https://github.com/phili67/ecclesiacrm/commit/f743b97f89da469a4c70b82bd61d0a59a3a957a9 (security-advisories@github.com) [Patch]
- https://github.com/phili67/ecclesiacrm/pull/2861 (security-advisories@github.com) [Issue Tracking, Patch]
- https://github.com/phili67/ecclesiacrm/security/advisories/GHSA-gjw3-73q9-v2qh (security-advisories@github.com) [Patch, Vendor Advisory]