Security Risk: 
Moderately Critical
Vulnerability: 
Access Bypass
Affected Versions: 

4.4.6

(Note: 4.2.x & 4.3.x are not affected)

Fixed Versions: 

4.4.7

(Note: 4.2.x & 4.3.x are not affected)

Publication Date: 
Wednesday, September 17, 2014
Description: 

CiviCRM Access Control Lists (ACLs) allow site administrators to grant or revoke access to specific groups/contacts. In CiviCRM 4.4.x, any staff user with access to the "Export" functionality could bypass the ACLs.

Solutions: 

Upgrade to 4.4.7

Credits: 
  • Eileen McNaughton (Fuzion)
  • Kurund Jalmi (CiviCRM)