Civicrm@* Security Vulnerabilities and Issues — Civicrm@* CVE List

Lucene search

CivicrmCivicrm*

4 matches found

CVE•added 2021/06/17 7:15 p.m.•59 views

CVE-2020-36388

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.

8.8CVSS8.5AI score0.00587EPSS

CVE•added 2021/06/17 7:15 p.m.•53 views

CVE-2020-36389

In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.

4.3CVSS4.8AI score0.00409EPSS

CVE•added 2018/07/23 4:29 p.m.•46 views

CVE-2018-1999022

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method...

9.8CVSS9.5AI score0.01399EPSS

Web

CVE•added 2013/11/27 6:55 p.m.•36 views

CVE-2013-5957

Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.

7.5CVSS8.7AI score0.00362EPSS

Web