CVE-2020-36388

HIGH8.8EPSS 0.66%

Published: 6/17/2021Modified: 3/6/2024

Also known as:BIT-civicrm-2020-36388

Description

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H