Security Advisory

CVE-2020-37071

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-03 22:01:40

Last updated 2026-02-04 19:05:44

Assigner VulnCheck

State PUBLISHED

Description

CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugins vCard download functionality with a specially crafted request.

← Browse all CVEs View on cve.org ↗