Published
2016-02-02 02:06
The 4.6.11 release of CiviCRM addresses an issue whereby users with limited administrative rights (data viewing) were able to modify certain fields within CiviCRM.
Security Risk
Moderately Critical
Vulnerability
Access Bypass
Affected Versions
- CiviCRM 4.6.10 and below
Fixed Versions
- CiviCRM 4.6.11 and above
Solutions
- Upgrade to a fixed version of CiviCRM, 4.6.11+, OR
- Apply patch from CRM-17533: https://github.com/civicrm/civicrm-core/pull/7163
Credits
This issue was reported and resolved by Mattias Michaux in co-ordination with the CiviCRM security team.
The CiviCRM community thanks Mattias for his contribution to CiviCRM's security.