Craft Cms · Craft Cms · CVE-2020-37071
**Name of the Vulnerable Software and Affected Versions**
CraftCMS 3 vCard Plugin version 1.0.0
**Description**
A deserialization issue exists in the vCard download functionality. This allows unauthenticated attackers to execute arbitrary PHP code by sending a specially crafted request containing a malicious serialized payload.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.