Description
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.
Remediation
References
Related Vulnerabilities
WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)
Apache Tomcat Configuration Vulnerability (CVE-2010-4312)
WordPress Plugin Related YouTube Videos Cross-Site Request Forgery (1.9.8)
Internet Information Services Other Vulnerability (CVE-2001-0544)
WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Request Forgery (3.01)