Description
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.
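The bug class named above, as an added example that is not PHP's own code: a length-counted filename with an interior \0 looks shorter to NUL-terminated string routines than to the caller, so the defensive check is to reject such names before any path analysis. The helper names and sample filenames are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical helper (not from ext/phar/phar.c): true when the counted
 * buffer contains a NUL byte before its stated end. */
int name_has_embedded_nul(const char *name, size_t len)
{
    return memchr(name, '\0', len) != NULL;
}

/* Hypothetical helper: the length that strlen()-style code would see for
 * the same buffer. It differs from len exactly when a NUL is embedded. */
size_t c_string_view_len(const char *name, size_t len)
{
    const char *nul = memchr(name, '\0', len);
    return nul ? (size_t)(nul - name) : len;
}

/* Returns 0 when the name may be passed on to path handling, -1 when it
 * must be rejected (missing, empty, or containing an interior NUL). */
int validate_archive_name(const char *name, size_t len)
{
    if (name == NULL || len == 0)
        return -1;
    if (name_has_embedded_nul(name, len))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; sizeof - 1 drops the literal's final NUL. */
    static const char benign[]  = "archive.phar/index.php";
    static const char crafted[] = "archive\0.phar/index.php";
    size_t blen = sizeof benign - 1;
    size_t clen = sizeof crafted - 1;

    printf("benign:  counted=%zu c-string=%zu verdict=%d\n",
           blen, c_string_view_len(benign, blen),
           validate_archive_name(benign, blen));
    printf("crafted: counted=%zu c-string=%zu verdict=%d\n",
           clen, c_string_view_len(crafted, clen),
           validate_archive_name(crafted, clen));
    return 0;
}
```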
Remediation
References