CVE-2006-0144

CWE-94Code Injection3 documents3 sources
Severity
7.5HIGH
EPSS
1.5%
top 19.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
PHP Pear
Timeline
PublishedJan 9
Latest updateMay 1

Description

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDphp/pear0.2.2

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-j5qr-fr9w-5pj5: The proxy server feature in go-pear2022-05-01
CVEList
CVE-2006-0144: The proxy server feature in go-pear2006-01-09
CVE-2006-0144 (HIGH CVSS 7.5) | The proxy server feature in go-pear | cvebase.io