Description
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.