Vulnerabilities > CVE-2019-19826 - Deserialization of Untrusted Data vulnerability in Drupal Views Dynamic Field
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |