Two CVEs affecting EspoCRM are present under SQL injection (CWE-89) in the broader batch. No active exploitation evidence was present in source data. CRM platforms holding customer and business data are attractive targets; SQL injection flaws at this layer can expose the full CRM database. Verify affected versions and apply patches via the official EspoCRM GitHub repository and security advisories.