8 matches found
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
The vulnerability of the handlers/views_handler_filter_dynamic_fields.inc component in the Drupal Views Dynamic Fields module allows a hacker to execute arbitrary code.
The vulnerability of the handlers/viewshandlerfilterdynamicfields.inc component in the Drupal “Views Dynamic Fields” module is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
Arbitrary file deletion
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...
CVE-2019-19826
The CVE refers to Drupal’s Views Dynamic Fields module (7.x-1.0-alpha4). It insecurely unserializes data in handlers/views_handler_filter_dynamic_fields.inc, enabling PHP object injection via a field_names object and an Archive_Tar object, with file deletion as an example. This could lead to code...
Views Dynamic Fields Code Issue Vulnerability
Drupal is the Drupal community of a set of open source content management system developed using the PHP language . Views Dynamic Fields is used in one of the field filtering display module . A code issue vulnerability exists in Drupal Views Dynamic Fields 7.x-1.0-alpha4 and earlier versions for...