Gepubliceerd
2019-05-15 09:00
When generating a query for finding particular checkbox values, the query was not properly being escaped before being passed onto the database.
Security Risk
Critical
Vulnerability
SQL Injection
Affected Versions
CiviCRM versions 5.13.0 and earlier
Fixed Versions
CiviCRM version 5.13.4 and 5.7.6
Solutions
Upgrade to the latest version of CiviCRM
Credits
Jamie McClelland of Progressive Technology Project for reporting and fixing the issue
References
security/core#44