CVE-2020-36389 – CiviCRM < 5.28.1 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-36389
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. The CiviCRM plugin for WordPress is vulnerable to stored cross-site scripting via improper CSRF checks in the CKEditor configuration form in versions up to and including 5.28.0, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that execute whenever a user accesses an injected page.
References:
https://blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained
https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-36388
https://notcve.org/view.php?id=CVE-2020-36388
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
References:
https://blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained
https://civicrm.org/advisory/civi-sa-2020-03
CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-1999022
https://notcve.org/view.php?id=CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue and validate methods, HTML_QuickForm_hierselect's _setOptions method, and HTML_QuickForm_element's _findValue and _prepareValue methods, which can result in possible information disclosure, possible impact on data integrity, and execution of arbitrary code. The attack appears to be exploitable via a specially crafted query string, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.
References:
http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform
https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-5957
https://notcve.org/view.php?id=CVE-2013-5957
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
References:
https://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability
https://github.com/civicrm/civicrm-core/pull/1708.diff
https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.html
https://www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.html
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')