The CiviCRM installer was potentially vulnerable to SQL injection.
- Affected versions: CiviCRM 4.6.14 and below OR CiviCRM 4.7.4 and below
- Fixed versions: CiviCRM 4.6.15 and above OR CiviCRM 4.7.5 and above
- Upgrade to CiviCRM 4.6.15 or later OR CiviCRM 4.7.5 or later.
This issue was responsibly disclosed to CiviCRM by the Hewlett-Packard Fortify Open Review Project. For more information about the Fortify Open Review Project, visit https://hpfod.com/open-source-review-project
The fix was submitted by Pradeep Nayak of JMA Consulting.
The issue was resolved by Chris Burgess of Fuzion Aotearoa.
- https://issues.civicrm.org/jira/browse/CRM-16617 (Restricted Access)
- https://issues.civicrm.org/jira/browse/CRM-16801 (Restricted Access)