mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
867 B
867 B
CVE-2019-19826
Description
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
POC
Reference
- https://www.drupal.org/project/views_dynamic_fields/issues/3056600
- https://www.drupal.org/project/views_dynamic_fields/issues/3056600
Github
No PoCs found on GitHub currently.