Critical severity9.8NVD Advisory· Published Feb 3, 2026· Updated Apr 15, 2026
CVE-2020-37071
CVE-2020-37071
Description
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download functionality with a specially crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 1.0.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.