Közzétéve
2019-02-20 09:00
When conducting a "Contact" search, the groups and tags parameters were vulerable to SQL injection.
Security Risk
Critical
Vulnerability
SQL Injection
Affected Versions
CiviCRM versions 5.10.2 and earlier
Fixed Versions
CiviCRM Version 5.10.3 and 5.7.4
Solutions
Upgrade to the latest CiviCRM Version
Credits
Patrick Figel of Greenpeace for reporting and fixing the issue
References
security/core#28