3 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-36388
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. CVE-2020-36388 Note that Nessu...
DEBIAN-CVE-2020-36388
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive...
CVE-2020-36388
CVE-2020-36388 affects CiviCRM: versions prior to 5.21.3 and 5.22.x through 5.24.x prior to 5.24.3 expose a crafted PHAR archive upload that enables arbitrary code execution. The root cause is vulnerability in handling PHAR archives which allows remote code execution when a user can upload a mali...