CVE-2013-4661
CiviCRM versions 2.0.0–4.2.9 and 4.3.0–4.3.3 do not properly enforce RBAC for default custom searches, allowing remote authenticated users with the access CiviCRM permission to bypass restrictions and view custom contribution data without the access CiviContribute permission. Root cause: RBAC mis...