A problematic code pattern was found in ~8 places. Any of these places could be vulnerable a SQL injection (SQLI) attack. However, it is believed that most or all have mitigating factors that prevent exploits.
CiviCRM version 5.64.3 and earlier
CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)
Upgrade to the fixed version of CiviCRM
Rich Lott of Artful Robot.
Seamus Lee of JMA Consulting/CiviCRM.
Tim Otten of CiviCRM.
Coleman Watts of CiviCRM.