Max CVSS 6.8 Min CVSS 6.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-28949 6.8
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
25-09-2021 - 01:15 19-11-2020 - 19:15
CVE-2020-28948 6.8
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
25-09-2021 - 01:15 19-11-2020 - 19:15
CVE-2020-13671 6.5
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affec
15-12-2020 - 04:15 20-11-2020 - 16:15
Back to Top Mark selected
Back to Top