CVE-2019-19826
First published: Mon Dec 16 2019(Updated: )
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal Views Dynamic Field | <=6.x-1.4 | |
| Drupal Views Dynamic Field | =7.x-1.0-alpha1 | |
| Drupal Views Dynamic Field | =7.x-1.0-alpha2 | |
| Drupal Views Dynamic Field | =7.x-1.0-alpha3 | |
| Drupal Views Dynamic Field | =7.x-1.0-alpha4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/drupal
- canonical/drupal views dynamic field
- version/drupal views dynamic field/6.x-1.4
- version/drupal views dynamic field/7.x-1.0-alpha1
- version/drupal views dynamic field/7.x-1.0-alpha2
- version/drupal views dynamic field/7.x-1.0-alpha3
- version/drupal views dynamic field/7.x-1.0-alpha4