CIVI-SA-2023-10: Multiple Potential SQLI

Gepubliceerd
2023-09-06 12:00
Written by

A problematic code pattern was found in ~8 places. Any of these places could be vulnerable a SQL injection (SQLI) attack. However, it is believed that most or all have mitigating factors that prevent exploits.

Security Risk
Moderately Critical
Vulnerability
SQL Injection
Affected Versions

CiviCRM version 5.64.3 and earlier

Fixed Versions

CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)

Publication Date
Solutions

Upgrade to the fixed version of CiviCRM

Credits

Rich Lott of Artful Robot.
Seamus Lee of JMA Consulting/CiviCRM.
Tim Otten of CiviCRM.
Coleman Watts of CiviCRM.