The Quick Search API in CiviCRM 4.2.0 up to and including 4.2.9 and 4.3.0 up to and including 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
civicrm civicrm 4.2.8 |
||
civicrm civicrm 4.2.9 |
||
civicrm civicrm 4.3.1 |
||
civicrm civicrm 4.2.5 |
||
civicrm civicrm 4.2.7 |
||
civicrm civicrm 4.3.3 |
||
civicrm civicrm 4.2.0 |
||
civicrm civicrm 4.2.1 |
||
civicrm civicrm 4.2.2 |
||
civicrm civicrm 4.3.0 |
||
civicrm civicrm 4.3.2 |
||
civicrm civicrm 4.2.4 |
||
civicrm civicrm 4.2.6 |