CVE-2019-19826

The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:drupal:views_dynamic_field:*:*:*:*:*:drupal:*:*
cpe:2.3:a:drupal:views_dynamic_field:7.x-1.0:alpha1:*:*:*:drupal:*:*
cpe:2.3:a:drupal:views_dynamic_field:7.x-1.0:alpha2:*:*:*:drupal:*:*
cpe:2.3:a:drupal:views_dynamic_field:7.x-1.0:alpha3:*:*:*:drupal:*:*
cpe:2.3:a:drupal:views_dynamic_field:7.x-1.0:alpha4:*:*:*:drupal:*:*

Information

Published : 2019-12-16 15:15

Updated : 2019-12-27 08:49


NVD link : CVE-2019-19826

Mitre link : CVE-2019-19826


JSON object : View

CWE
CWE-502

Deserialization of Untrusted Data

Advertisement

dedicated server usa

Products Affected

drupal

  • views_dynamic_field