Vulnerabilities > Civicrm > Civicrm > 4.2.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-17 | CVE-2020-36388 | Unrestricted Upload of File with Dangerous Type vulnerability in Civicrm In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | 8.8 |
| 2018-07-23 | CVE-2018-1999022 | Code Injection vulnerability in multiple products PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. | 7.5 |