Arbitrary Code Execution via Crafted PHAR Archive Upload in CiviCRM

CVE-2020-36388 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.