Pubblicato
2026-03-18 12:00
For organizations which use custom data with an access control list (ACL) , backend users may use "Advanced Search" to discover implicit information from restricted fields.
Security Risk
Moderately Critical
Vulnerability
Information Disclosure
Affected Versions
CiviCRM v5.75 to v6.11
Fixed Versions
CiviCRM v6.12.0, v6.10.3 (ESR), and later
Publication Date
Solutions
Upgrade to a fixed version of CiviCRM
Credits
Muhammad Shahrukh (Compuco), Coleman Watts (CiviCRM)
