Vulnerabilities > Drupal > Views Dynamic Field

DATE CVE VULNERABILITY TITLE RISK
2019-12-16 CVE-2019-19826 Deserialization of Untrusted Data vulnerability in Drupal Views Dynamic Field
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion.
network
low complexity
drupal CWE-502
critical
9.8