Security Risk: 
Less Critical
Vulnerability: 
SQL Injection
Affected Versions: 

CiviCRM versions 4.6.20 and earlier, and 4.7.10 and earlier

Fixed Versions: 

CiviCRM versions 4.6.21 and 4.7.21

Publication Date: 
Wednesday, September 7, 2016
Description: 

Sites which use the Drupal 6 "devel" module with CiviCRM to log SQL queries may be vulnerable to a SQL injection. However, it is not clear if this vulnerability is exploitable.

Solutions: 

To fix this, users should do one of the following

Credits: 

Chris Burgess (Fuzion NZ) for reporting the issue.

Seamus Lee (Australian Greens) for fixing the issue.

References: