Publié
2024-10-16 12:00
The helper function CRM_Utils_File::cleanDir() is used to cleanup certain data folders. In some situations, it might be tricked into deleting additional files outside of the target directory.
Security Risk
Moderately Critical
Vulnerability
Other
Affected Versions
CiviCRM versions 5.78.1 and earlier
Fixed Versions
CiviCRM versions 5.78.2 and 5.75.4 (ESR)
Publication Date
Solutions
Upgrade to the latest CiviCRM Version
Credits
- Reporter: Sebastian Lisken of civiservice.de
- Development/Review: Sebastian Lisken of civiservice.de; Tim Otten of CiviCRM; Dave D; Seamus Lee of JMA Consulting & CiviCRM; Kevin Cristiano of Tadpole Collective
References
security/core#136
