Multiple content management systems including Drupal, Joomla and Typo3 are open to a vulnerability that can lead to arbitrary code execution on some systems. The flaw (CVE-2019-11831) exists in the phar stream wrapper component used in PHP-driven projects. The impact of the bug on each platform varies by platform, researcher Daniel le Gall said. For Drupal, the vulnerability was rated moderately critical as it is used in several Drupal versions.
Source: https://threatpost.com/drupal-typo3-joomla-phar-flaw/144526/