1 results (0.004 seconds)
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2019-19826
https://notcve.org/view.php?id=CVE-2019-19826
16 Dec 2019 — The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible. El módulo Views Dynamic Fields versiones hasta 7.x-1.0-alpha4 para Drupal, realiza llamadas no serializadas no seguras en el archivo handlers/views_handler_filter_dynamic_fields.inc, como es demostrado m... • https://www.drupal.org/project/views_dynamic_fields/issues/3056600 • CWE-502: Deserialization of Untrusted Data •