CVE-2026-6628 — Phili67 Ecclesia CRM SQL Injection
CVE-2026-6628 — A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has
What This Means For You
- If your environment is affected by CWE-74, CWE-89, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-6628 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
1 rule · 6 SIEM formats1 detection rule mapped to MITRE ATT&CK. Sigma YAML is free — copy below.
CVE-2026-6628 - Ecclesia CRM SQL Injection via custom parameter
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6628 | vulnerability | CVE-2026-6628 |
| CWE-74 | weakness | CWE-74 |
| CWE-89 | weakness | CWE-89 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 20, 2026 at 13:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
Oracle's April CPU: 450 Patches, Over 300 Remote, Unauthenticated Flaws
Oracle has dropped its April Critical Patch Update (CPU), delivering a significant batch of 481 security fixes across 28 product families. Of particular concern are...
Telerik UI for AJAX RadFilter Vulnerable to RCE via Deserialization
CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if...
Telerik UI Vulnerability Allows Disk Space Exhaustion Attacks
CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the...