vendor:
CraftCMS 3 vCard Plugin
by:
Wade Guest
9.8
CVSS
HIGH
Remote Code Execution
502
CWE
Product Name: CraftCMS 3 vCard Plugin
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: YES
Related CWE: N/A
CPE: a:craftcms:craftcms_3_vcard_plugin:1.0.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Ubuntu 19.10 / PHP 7.3.11
2020
CraftCMS 3 vCard Plugin 1.0.0 – Remote Code Execution
CraftCMS 3 vCard Plugin 1.0.0 is vulnerable to a deserialization vulnerability which can be exploited to achieve remote code execution. An attacker can craft a malicious payload and send it to the vulnerable endpoint to execute arbitrary code on the server.
Mitigation:
Upgrade to the latest version of CraftCMS 3 vCard Plugin 1.0.0 or later.
