Security Risk: 
Highly Critical
Vulnerability: 
SQL Injection
Affected Versions: 

All previously released versions of CiviCRM

Fixed Versions: 

4.2.12, 4.3.7, 4.4.beta4

Publication Date: 
Wednesday, October 2, 2013
Description: 
SQL injection vulnerability, multiple vectors.
Solutions: 

Any ONE of the following solutions will provide protection:

 

Credits: 
  • Tristan Leiter
  • Jonathan Borgeaud
  • Donald Lobo
  • Tim Otten
CVE: 
CVE-2013-5957