Package details: pkg:deb/debian/civicrm@4.7.14%2Bdfsg-1~bpo8%2B1
purl pkg:deb/debian/civicrm@4.7.14%2Bdfsg-1~bpo8%2B1
Next non-vulnerable version 5.68.1+dfsg1-1
Latest non-vulnerable version 5.68.1+dfsg1-1
Risk 4.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-a2dz-vvxf-9ue8
Aliases:
CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, and HTML_QuickForm_element's _prepareValue method that can result in possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appears to be exploitable via a specially crafted query string, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.
5.33.2+dfsg1-1
Affected by 3 other vulnerabilities.
VCID-c4xs-9e81-uuaf
Aliases:
CVE-2020-36389
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
5.33.2+dfsg1-1
Affected by 3 other vulnerabilities.
VCID-h8py-d9w1-cubx
Aliases:
CVE-2020-36388
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
5.33.2+dfsg1-1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T19:48:50.355626+00:00 Debian Oval Importer Affected by VCID-h8py-d9w1-cubx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T17:13:52.409450+00:00 Debian Oval Importer Affected by VCID-a2dz-vvxf-9ue8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:31:18.996672+00:00 Debian Oval Importer Affected by VCID-c4xs-9e81-uuaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0