Security Risk: 
Less Critical
Vulnerability: 
SQL Injection
Affected Versions: 
  • CiviCRM 4.6.14 and below OR CiviCRM 4.7.4 and below
Fixed Versions: 
  • CiviCRM 4.6.15 and above OR CiviCRM 4.7.5 and above
Publication Date: 
Wednesday, September 7, 2016
Description: 

The CiviCRM installer was potentially vulnerable to SQL injection.

Solutions: 
  • Upgrade to CiviCRM 4.6.15 or later OR CiviCRM 4.7.5 or later.
Credits: 

This issue was responsibly disclosed to CiviCRM by the Hewlett-Packard Fortify Open Review Project. For more information about the Fortify Open Review Project, visit https://hpfod.com/open-source-review-project

The fix was submitted by Pradeep Nayak of JMA Consulting.

The issue was resolved by Chris Burgess of Fuzion Aotearoa.