PT-2020-17850 · Php · Phpmussel

Maikuolan · Published 2020-06-10 · Updated 2020-06-22 · CVE-2020-4043

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: phpMussel versions 1.0.0 through 1.5.x

Description: The issue is an unserialization vulnerability in PHP's phar wrapper, which allows arbitrary code execution when a specially crafted file is uploaded to an affected version. The risk factor is very high. Newer phpMussel versions are unaffected, as they do not use PHP's phar wrapper.

Recommendations: For versions 1.0.0 through 1.5.x, upgrade to at least version 1.6.0 to resolve the problem. Upgrading to the latest available version is nevertheless recommended, to protect against potential future vulnerabilities. As a temporary workaround, consider disabling archive checking by setting "check archives" to false in the package's configuration, so that the affected parts of the codebase are not executed.
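As an added example (not phpMussel's code and not part of the advisory), the following Python check locates a phar manifest in an uploaded file by content rather than by extension and flags global metadata that contains a serialized object, which is what PHP's phar wrapper would unserialize on open. The sample phar used for testing is constructed inline; no phpMussel API is assumed.

```python
import re
import struct
import zlib

# Every phar stub ends with this token; PHP locates the manifest by finding it,
# so a scanner must look for it in the bytes of any upload, whatever the extension says.
HALT = b"__HALT_COMPILER();"
# A serialized PHP object (O:) or custom-serialized class (C:) inside metadata.
# A plain string that merely contains this text also matches; for a scanner that is acceptable.
SERIALIZED_OBJECT = re.compile(rb'[OC]:\d+:"')


def phar_metadata(blob: bytes):
    """Return the global metadata bytes of the phar manifest found in blob,
    b"" if the manifest carries none, or None if blob holds no parseable manifest."""
    idx = blob.find(HALT)
    if idx < 0:
        return None
    pos = idx + len(HALT)
    if blob.startswith(b" ?>", pos):        # optional closing tag after the stub
        pos += 3
    for newline in (b"\r\n", b"\n"):        # optional line break before the manifest
        if blob.startswith(newline, pos):
            pos += len(newline)
            break
    try:
        # manifest length, file count, API version, flags, alias length (little-endian)
        _mlen, _nfiles, _api, _flags, alias_len = struct.unpack_from("<IIHII", blob, pos)
        pos += 18 + alias_len               # skip the fixed fields and the alias
        (meta_len,) = struct.unpack_from("<I", blob, pos)
        pos += 4
    except struct.error:
        return None                         # truncated: not a manifest PHP could open
    return blob[pos:pos + meta_len]


def carries_serialized_object(blob: bytes) -> bool:
    """True if the upload is a phar whose global metadata would unserialize an object."""
    meta = phar_metadata(blob)
    return meta is not None and SERIALIZED_OBJECT.search(meta) is not None


def build_sample_phar(metadata: bytes) -> bytes:
    """Constructed test input: a minimal phar (stub, manifest, one file entry) whose
    global metadata is the given bytes. Not a real-world sample."""
    name, data = b"readme.txt", b"hello"
    entry = struct.pack("<I", len(name)) + name + struct.pack(
        "<IIIIII", len(data), 0, len(data), zlib.crc32(data), 0, 0)  # sizes, ts, crc, flags, meta len
    body = (struct.pack("<IHII", 1, 0x1100, 0, 0)      # file count, API version, flags, alias len
            + struct.pack("<I", len(metadata)) + metadata + entry)
    return b"<?php __HALT_COMPILER(); ?>\r\n" + struct.pack("<I", len(body)) + body + data
```

The leading bytes of the upload are irrelevant to the check, so a file that merely starts with another format's header is still inspected.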

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2020-4043
GHSA-QR95-4MQ5-R3FH

Affected Products

Phpmussel