Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM prior to 4.2.12, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.beta4 allow remote malicious users to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
civicrm civicrm 4.4.0 |
||
civicrm civicrm 4.4 |
||
civicrm civicrm |
||
civicrm civicrm 4.2.10 |
||
civicrm civicrm 4.2.5 |
||
civicrm civicrm 4.2.4 |
||
civicrm civicrm 4.2.2 |
||
civicrm civicrm 4.2.1 |
||
civicrm civicrm 4.2.9 |
||
civicrm civicrm 4.2.7 |
||
civicrm civicrm 4.2.8 |
||
civicrm civicrm 4.2.6 |
||
civicrm civicrm 4.2.0 |
||
civicrm civicrm 4.3.3 |
||
civicrm civicrm 4.3.4 |
||
civicrm civicrm 4.3.5 |
||
civicrm civicrm 4.3.6 |
||
civicrm civicrm 4.3.1 |
||
civicrm civicrm 4.3.0 |
||
civicrm civicrm 4.3.2 |
Vulmon