CIVI-SA-2013-009 - SQL Injection Vulnerability

Gepubliceerd

2013-10-02 05:43

Written by

colemanw - member of the CiviCRM community - view blog guidelines

SQL injection vulnerability, multiple vectors.

Security Risk

Highly Critical

Vulnerability

SQL Injection

Affected Versions

All previously released versions of CiviCRM

Fixed Versions

4.2.12, 4.3.7, 4.4.beta4

Solutions

Any ONE of the following solutions will provide protection:

Upgrade to 4.2.12, 4.3.7, 4.4.beta4 or later
Apply this patch: https://github.com/civicrm/civicrm-core/pull/1708.diff

Credits

Tristan Leiter
Jonathan Borgeaud
Donald Lobo
Tim Otten

CVE

CVE-2013-5957

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2023, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D8]

CIVI-SA-2013-009 - SQL Injection Vulnerability

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2013-009 - SQL Injection Vulnerability

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM