CVE-2020-28948

This repository provides references to CVE-2020-28948 and CVE-2020-28949, which involve PHP unserialize vulnerabilities in the PEAR Archive_Tar library. It links to external resources for further technical details but does not contain exploit code.

The repository contains a Dockerfile and docker-compose.yml but no actual exploit code. It references an external POC link and lacks technical details about the vulnerability.

This repository contains functional exploit code for CVE-2020-28948 and CVE-2020-28949, demonstrating PHAR deserialization and inclusion attacks against the Archive_Tar library. The PoC includes scripts to generate malicious tar archives that trigger arbitrary file deletion and remote code execution.