Lucene search

39 matches found

OSV
added 2026/04/21 2:32 p.m. | Views: 0

GHSA-FG79-CR9C-7369 OpenMage LTS: Phar Deserialization leads to Remote Code Execution

PHP functions such as getimagesize, file_exists, and is_readable can trigger deserialization when processing phar:// stream wrapper paths. OpenMage LTS uses these functions with potentially controllable file paths during image validation and media handling. An attacker who can upload a malicious ph...

CVSS 8.1 | AI score 6.4 | EPSS 0.00389
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/20 12:00 a.m. | Views: 1

PT-2026-33796

Name of the Vulnerable Software and Affected Versions: Magento Long Term Support LTS versions prior to 20.17.0. Description: PHP functions such as getimagesize, file_exists, and is_readable can trigger deserialization when processing phar:// stream wrapper paths. The software uses these functions wi...

CVSS 8.1 | AI score 6.1 | EPSS 0.00389
Exploits: 1 | References: 9

EUVD
added 2026/04/05 9:30 p.m. | Views: 1

EUVD-2019-20103

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...

CVSS 8.8 | AI score 6.3 | EPSS 0.00183
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/05 8:45 p.m. | Views: 2

CVE-2019-25685

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...

CVSS 8.8 | AI score 6.3 | EPSS 0.00183
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/04/05 12:00 a.m. | Views: 1

PT-2026-30493

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...

CVSS 8.8 | AI score 6.3 | EPSS 0.00183
Exploits: 0 | References: 3

OpenVAS
added 2025/12/09 12:00 a.m. | Views: 18

ownCloud < 10.15.2 Phar Stream Wrapper Vulnerability

ownCloud is prone to a phar stream wrapper vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:owncloud:owncloud"; if...

AI score 7
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | Views: 1

EUVD-2015-3501

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.02147
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | Views: 1

EUVD-2022-2615

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.01009
Exploits: 0 | References: 6

OSV
added 2024/05/15 9:31 p.m. | Views: 9

GHSA-PQJM-XCP8-WGMM Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...

AI score 7.5
Exploits: 0 | References: 6

CNNVD
added 2023/05/30 12:00 a.m. | Views: 2

WordPress plugin Otter code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress...

CVSS 8.8 | AI score 8.5 | EPSS 0.08687
Exploits: 2 | References: 2

OSV
added 2022/05/13 1:22 a.m. | Views: 10

GHSA-5M3W-RVVH-8FX6 Joomla! Object Injection Vulnerability

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism such as the TYPO3 PHAR stream wrapper to prevent use of the phar:// handler for non .phar-files...

CVSS 9.8 | AI score 9.5 | EPSS 0.01009
Exploits: 0 | References: 5

OSV
added 2021/07/30 2:15 p.m. | Views: 1

CVE-2021-36766

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/singlepage/dashboard/system/environment/logging.php Logging::updatelogging method. User input passed through the logFile request parameter is not properly sanitized before being used in a ca...

CVSS 7.2 | AI score 7.4
Exploits: 0 | References: 3

Tenable Nessus
added 2019/05/30 12:00 a.m. | Views: 16

Joomla! 1.7.x < 3.9.6 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A protection bypass exists in versions 3.9.3 to 3.9.5 within the Phar Stream Wrapper Interceptor due to path traversal - A cross-site scripting (XSS) vulnerability exists in...

CVSS 6.1 | AI score 6 | EPSS 0.00276
Exploits: 0 | References: 4

Tenable Nessus
added 2019/05/22 12:00 a.m. | Views: 13

Drupal 7.x < 7.67 Third-Party Libraries Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.6.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...

CVSS 9.8 | AI score 9.8 | EPSS 0.28615
Exploits: 0 | References: 4

Tenable Nessus
added 2019/05/22 12:00 a.m. | Views: 10

Drupal 8.7.x < 8.7.1 Third-Party Libraries Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.67, 8.6.x prior to 8.6.16, or 8.7.x prior to 8.7.1. It is, therefore, affected by a path traversal vulnerability. This security release fixes third-party dependencies included in or...

CVSS 9.8 | AI score 9.8 | EPSS 0.28615
Exploits: 0 | References: 4

Fedora
added 2019/05/17 1:08 a.m. | Views: 27

[SECURITY] Fedora 30 Update: php-typo3-phar-stream-wrapper-3.1.1-1.fc30

Interceptors for PHP's native phar:// stream handling. Autoloader: /usr/share/php/TYPO3/PharStreamWrapper/autoload.php...

CVSS 9.8 | AI score 2.6 | EPSS 0.28615
Exploits: 0

Tenable Nessus
added 2019/05/17 12:00 a.m. | Views: 34

Fedora 30 : php-typo3-phar-stream-wrapper (2019-3c89837025)

3.1.1 - TYPO3-PSA-2019-007 / CVE-2019-11831 - TYPO3-PSA-2019-008 / CVE-2019-11830 - 3.1.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

CVSS 9.8 | AI score 7.2 | EPSS 0.28615
Exploits: 0 | References: 6

Tenable Nessus
added 2019/05/17 12:00 a.m. | Views: 30

Fedora 29 : php-typo3-phar-stream-wrapper (2019-d5f883429d)

3.1.1 - TYPO3-PSA-2019-007 / CVE-2019-11831 - TYPO3-PSA-2019-008 / CVE-2019-11830 - 3.1.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

CVSS 9.8 | AI score 7.2 | EPSS 0.28615
Exploits: 0 | References: 6

Tenable Nessus
added 2019/05/17 12:00 a.m. | Views: 31

Fedora 28 : php-typo3-phar-stream-wrapper (2019-4d93cf2b34)

3.1.1 - TYPO3-PSA-2019-007 / CVE-2019-11831 - TYPO3-PSA-2019-008 / CVE-2019-11830 - 3.1.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

CVSS 9.8 | AI score 7.2 | EPSS 0.28615
Exploits: 0 | References: 6

OpenVAS
added 2019/05/17 12:00 a.m. | Views: 24

Fedora Update for php-typo3-phar-stream-wrapper FEDORA-2019-4d93cf2b34

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.28615
Exploits: 0 | References: 2