Description
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Remediation
References
Related Vulnerabilities
WordPress Plugin Chronoforms Cross-Site Request Forgery (7.0.9)
WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-1476)
Jenkins Missing Authorization Vulnerability (CVE-2024-43045)
WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.1)