CiviCRM Standalone
CiviCRM Standalone aims to make CiviCRM work without a content management system (CMS), such as Drupal or WordPress, making it easier to use by a wider audience.
CiviCRM Standalone aims to make CiviCRM work without a content management system (CMS), such as Drupal or WordPress, making it easier to use by a wider audience.
Recent version of CiviCRM with the The Island theme on WordPress. Minimal read-only demo.
To login: username is "demo" and password is "demo123".
We provide turn-key CiviCRM hosting (no installation costs, regular CiviCRM upgrades, backups, secure https, 24/7 monitoring, no lock-in) with Drupal7, Drupal8 and WordPress, in French, English or bilingual configurations.
The "dompdf" library has a vulnerability which allows remote code execution. It may be exploited by some backend users.
The CiviCRM-WordPress module includes a "Quick Add" widget that can be used to trick another user into executing arbitrary HTML and Javascript.
(This vulnerability is similar to "stored cross-site scripting". However, exploiting it requires the backend privilege access CiviCRM
, so it can only be exploited by internal users.)
CiviCRM's file-upload mechanism includes a guard to limit the range of accepted file-types. However, the guard is too relaxed - in some configurations, this enables a less-privileged data-administrator to execute arbitrary code.