Max CVSS | 6.8 | Min CVSS | 6.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-13671 | 6.5 |
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affec
|
24-07-2024 - 16:44 | 20-11-2020 - 16:15 | |
CVE-2020-28949 | 6.8 |
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
|
28-06-2024 - 14:06 | 19-11-2020 - 19:15 | |
CVE-2020-28948 | 6.8 |
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
|
30-03-2022 - 14:32 | 19-11-2020 - 19:15 |