Pubblicato
2013-10-02 05:43
SQL injection vulnerability, multiple vectors.
Security Risk
Highly Critical
Vulnerability
SQL Injection
Affected Versions
All previously released versions of CiviCRM
Fixed Versions
4.2.12, 4.3.7, 4.4.beta4
Solutions
Any ONE of the following solutions will provide protection:
- Upgrade to 4.2.12, 4.3.7, 4.4.beta4 or later
- Apply this patch: https://github.com/civicrm/civicrm-core/pull/1708.diff
Credits
- Tristan Leiter
- Jonathan Borgeaud
- Donald Lobo
- Tim Otten
CVE
CVE-2013-5957