CVE-2020-36388 — Unrestricted File Upload in Civicrm

Severity

8.8HIGHNVD

EPSS

0.7%

top 28.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 17

Latest updateMay 24

Description

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶debiandebian/civicrm< civicrm 5.24.5+dfsg1-1 (bullseye)

▶NVDcivicrm/civicrm5.22.0 — 5.24.3+1

▶Debiancivicrm/civicrm< 5.24.5+dfsg1-1

GHSA

GHSA-rqh9-9xqh-854h: In CiviCRM before 5↗2022-05-24

▶

OSV

CVE-2020-36388: In CiviCRM before 5↗2021-06-17

▶

Debian

CVE-2020-36388: civicrm - In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be a...↗2020

▶