logo

Database

Lack of data validation In civicrm

Description

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-363882. NVD-2020-363883. OSV-DEBIAN-2020-363884. OSV-2020-363885. SECURITY-TRACKER-CVE-2020-36388

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.