Impact
With a carefully crafted web request, it's possible to execute certain unwanted SQL statements against the database.
Anyone running the impacted versions (<=6.1.1, 6.2.0, >=7.0.0, <=7.1.1) should upgrade as soon as possible.
Patches
The problem has been patched in the following versions: 6.1.2, 6.2.1, and 7.2.0.
Users are strongly urged to upgrade to the most recent relevant patch.
Workarounds
There are no workarounds.
General References
https://www.w3schools.com/sql/sql_injection.asp
https://en.wikipedia.org/wiki/SQL_injection
For more information
Post any questions to the Arches project forum.