CIVI-SA-2013-009 - SQL Injection Vulnerability

Published
2013-10-02 05:43
Written by
SQL injection vulnerability, multiple vectors.
Security Risk
Highly Critical
Vulnerability
SQL Injection
Affected Versions

All previously released versions of CiviCRM

Fixed Versions

4.2.12, 4.3.7, 4.4.beta4

Solutions

Any ONE of the following solutions will provide protection:

 

Credits
  • Tristan Leiter
  • Jonathan Borgeaud
  • Donald Lobo
  • Tim Otten
CVE
CVE-2013-5957