CIVI-SA-2023-14: Contact Image CSRF

Published
2023-09-06 12:00
Written by

Some administrative actions on "Contact" profile images lacked sufficient request validation, making them vulnerable to cross-site request forgery (CSRF).

Security Risk
Moderately Critical
Vulnerability
Cross-Site Request Forgery
Affected Versions

CiviCRM version 5.64.3 and earlier

Fixed Versions

CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)

Publication Date
Solutions

Upgrade to the fixed version of CiviCRM

Credits

Ranjit Pahan
Coleman Watts of CiviCRM
Seamus Lee of JMA Consulting/CiviCRM

References

security/core#126
huntr.dev: d0896494-0642-40d2-8d49-8cf6c7d6e5c0