Security Risk: 
Moderately Critical
Vulnerability: 
Access Bypass
Affected Versions: 
  • CiviCRM 4.6.10 and below
Fixed Versions: 
  • CiviCRM 4.6.11 and above
Publication Date: 
Tuesday, February 2, 2016
Description: 

The 4.6.11 release of CiviCRM addresses an issue whereby users with limited administrative rights (data viewing only) were able to modify certain fields within CiviCRM.

Solutions: 
Credits: 

This issue was reported and resolved by Mattias Michaux in co-ordination with the CiviCRM security team.

The CiviCRM community thanks Mattias for his contribution to CiviCRM's security.