Description
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Remediation
References
Related Vulnerabilities
WordPress Plugin RSVPMaker SQL Injection (9.2.6)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3946)
WordPress Plugin Easy Comment Uploads 'upload.php' Arbitrary File Upload (0.61)
WordPress Plugin AskApache Firefox Adsense Cross-Site Request Forgery (3.0)
WordPress Plugin FAQ Multiple Cross-Site Scripting Vulnerabilities (1.0.14)