Description
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Remediation
References
Related Vulnerabilities
WordPress Plugin Testimonial Slider Cross-Site Scripting (1.2.1)
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-12626)
WordPress Plugin Pondol Carousel Cross-Site Scripting (1.0)
WordPress Plugin Featured Video Plus Unspecified Vulnerability (2.2.3)
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-0367)