CVE-2019-19826 is a vulnerability in Drupal Views Dynamic Field
Published on December 16, 2019
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Products Associated with CVE-2019-19826
Want to know whenever a new CVE is published for Drupal Views Dynamic Field? stack.watch will email you.
Exploit Probability
EPSS
1.55%
Percentile
81.14%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.