Description
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Remediation
References
Related Vulnerabilities
Liferay Portal Missing Authorization Vulnerability (CVE-2023-33948)
WordPress Plugin wp-tmkm-amazon Cross-Site Scripting (1.5b)
MySQL CVE-2017-3641 Vulnerability (CVE-2017-3641)
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1862)