In bibliotheca
The library was developed by the creators of the CMS TYPO3, but is also used in Drupal and Joomla projects, which makes them also susceptible to vulnerabilities. Exitus fixa solvo
Ex parte practica, vulnerabilitas in PharStreamWapper permittit utentis drupal Core cum 'thema administrandi' permissiones ut maliciam phar fasciculi immittant et efficiant PHP codicem in eo contentum sub habitu legitimi phar archivi exsecutioni mandari. Memini oppugnationis "Phar deserializationis" essentiam esse quod cum oneratas tabulas subsidiorum PHP functionis file_existit(), hoc munus automatice metadata a pharyngis (PHP Archive) deseriatur cum semitas ab "phar://" incipientes. . Fasciculum phar instar imago transferre potest, quia tabella_existit() functionis genus MIME per contentum, non per extensionem determinat.
Source: opennet.ru