The vulnerability of the CiviCRM web-based contact tracking and interaction management system stems from the absence of restrictions on file downloads. Exploiting it allows an attacker to access confidential data, compromise its integrity, and cause service failure.
The vulnerability of the CiviCRM contact tracking and interaction management web system is related to the ability to upload and execute PHAR archives. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service failure...