2 matches found
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
CVE-2019-19826
The CVE refers to Drupal’s Views Dynamic Fields module (7.x-1.0-alpha4). It insecurely unserializes data in handlers/views_handler_filter_dynamic_fields.inc, enabling PHP object injection via a field_names object and an Archive_Tar object, with file deletion as an example. This could lead to code...