Vulnerabilities > Html Quickform Project

DATE CVE VULNERABILITY TITLE RISK
2018-07-23 CVE-2018-1999022 Code Injection vulnerability in multiple products
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method.
network
low complexity
html-quickform-project civicrm CWE-94
critical
9.8