WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Deserialization of Untrusted Data Vulnerability (CVE-2020-28948)

Description

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Remediation

References

Related Vulnerabilities

MySQL CVE-2019-2624 Vulnerability (CVE-2019-2624)

MySQL CVE-2016-0667 Vulnerability (CVE-2016-0667)

PHP error logging format string vulnerability

WordPress Plugin ThemeGrill Demo Importer Cross-Site Request Forgery (1.6.2)

MySQL CVE-2017-3634 Vulnerability (CVE-2017-3634)

Severity

High

Classification

CVE-2020-28948 CWE-502 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities