Posted by Simon Waters (Surevine) on Apr 08
CivicRM extends common CMS platforms (WordPress, Drupal) with a module for managing civic campaigns: tracking donors,
amounts, and campaign CRM-type activity.
I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow
authenticated users to download arbitrary database content.
The first was in the columns[0][data] parameter when querying a contact relationship in the AJAX query….
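The defensive pattern that closes this class of bug is to treat a DataTables-style `columns[i][data]` value as a selector into an allowlist of known column names, never as SQL text. The following is an added example and not CiviCRM's own code; the column names, the `relationships` table and its rows are constructed for the illustration:

```python
import re
import sqlite3

# Assumed allowlist of sortable columns for a contact-relationship listing (hypothetical names).
ALLOWED_COLUMNS = ("sort_name", "relation_type", "start_date", "end_date")
_COLUMN_PARAM = re.compile(r"^columns\[(\d+)\]\[data\]$")


def parse_column_params(params):
    """Collect columns[i][data] values from a DataTables-style query-string dict."""
    found = {}
    for key, value in params.items():
        match = _COLUMN_PARAM.match(key)
        if match:
            found[int(match.group(1))] = value
    return found


def order_clause(params, order_index=0):
    """Map the requested column to an allowlisted identifier; anything else is rejected.
    The identifier emitted comes from ALLOWED_COLUMNS, so request text never reaches the SQL."""
    requested = parse_column_params(params).get(order_index, "sort_name")
    if requested not in ALLOWED_COLUMNS:
        raise ValueError(f"rejected column parameter: {requested!r}")
    return "ORDER BY " + ALLOWED_COLUMNS[ALLOWED_COLUMNS.index(requested)]


def fetch_relationships(params):
    """Run the listing against a constructed in-memory table; return sort_name values in order."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE relationships (id INTEGER, sort_name TEXT, relation_type TEXT,"
                 " start_date TEXT, end_date TEXT)")
    conn.executemany("INSERT INTO relationships VALUES (?, ?, ?, ?, ?)", [
        (1, "Smith, Ann", "Employee of", "2015-01-01", ""),
        (2, "Jones, Bob", "Spouse of", "2014-06-01", ""),
        (3, "Adams, Cy", "Volunteer for", "2016-02-01", ""),
    ])
    sql = "SELECT sort_name FROM relationships " + order_clause(params)
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    print(fetch_relationships({"columns[0][data]": "sort_name"}))
    try:
        fetch_relationships({"columns[0][data]": "sort_name, id"})
    except ValueError as exc:
        print(exc)  # any value outside the allowlist is refused before a query is built
```

Logging the rejected value (as the `ValueError` message does) also gives a simple detection signal for probing of this parameter.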