CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Date published : 2018-09-14

https://www.exploit-db.com/exploits/46634/

http://seclists.org/fulldisclosure/2019/Mar/36