2026-02-03 22:01:40
VulnCheck
PUBLISHED
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugins vCard download functionality with a specially crafted request.