CIVI-SA-2021-07: SQL injection in Joomla user integration

Published
2021-03-11 09:00

In the Joomla integration, some references to user-account records were not properly sanitized.

 

Security Risk
Critical
Vulnerability
Cross Site Scripting
Affected Versions

CiviCRM versions 5.35.0 and earlier

Fixed Versions

CiviCRM version 5.35.1 and ESR version 5.33.3

Solutions

Upgrade to the latest version of CiviCRM

Credits

Tim Otten of CiviCRM Core for reporting and fixing the issue

Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH for funding the fix

References

security/core#105