Civicrm · Civicrm · CVE-2020-36388
**Name of the Vulnerable Software and Affected Versions**
CiviCRM versions 5.22.x through 5.24.x before 5.24.3
CiviCRM versions prior to 5.21.3
**Description**
CiviCRM allows PHAR archives to be uploaded and executed. A remote attacker who exploits this issue may be able to access confidential data, compromise its integrity, and cause a denial of service.
**Recommendations**
For CiviCRM versions prior to 5.21.3, update to version 5.21.3 or later.
For CiviCRM versions 5.22.x through 5.24.x before 5.24.3, update to version 5.24.3 or later.
As a temporary workaround until the fixed version is installed, consider restricting the ability to upload and execute PHAR archives.
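As a check to run alongside the workaround, the following added example (not CiviCRM code and not part of the original advisory) audits an upload directory for files that are named `.phar` or that carry the `__HALT_COMPILER();` stub marker of a native-format PHAR under any other name. The function names, the directory passed in and the sample files are assumptions made for illustration; tar- and zip-based PHARs are outside what this check covers.

```python
import os
import tempfile

# Marker a native-format PHAR stub contains; matched case-insensitively to be conservative.
HALT_MARKER = b"__halt_compiler();"
CHUNK = 64 * 1024


def contains_phar_stub(path):
    """Stream the file and report whether the PHAR stub marker occurs anywhere in it."""
    tail = b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            window = (tail + chunk).lower()
            if HALT_MARKER in window:
                return True
            tail = window[-(len(HALT_MARKER) - 1):]  # catch a marker split across reads
    return False


def scan_uploads(root):
    """Return sorted relative paths under root that are named .phar or carry a PHAR stub."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".phar") or contains_phar_stub(full):
                flagged.append(os.path.relpath(full, root))
    return sorted(flagged)


def build_sample_tree(root):
    """Constructed sample data: a plain image, an image-named file with a stub, a .phar by name."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "avatar.jpg": b"\xff\xd8\xff\xe0" + b"A" * (CHUNK - 16) + b"<?php __HALT_COMPILER(); ?>\r\n",
        "docs/tool.phar": b"placeholder",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_uploads(tmp))
```

Legitimate PHP source that uses `__halt_compiler();` will also be flagged, so a hit in an upload directory is a prompt for review rather than proof of a PHAR.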