CVE-2007-2519
Published: 2007-05-22
Priority: P3 · 35 · medium · CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 7.29% (93.6th percentile)
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
Affected
83 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | pear | <= 1.9.1 | — |
| php_group | pear | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 2.6 | LOW | — |
Red Hat
php-pear: symlink vulnerability in PEAR installer
vendor_redhat·2010-11-14·CVSS 6.8
CVE-2011-1072 [MEDIUM] php-pear: symlink vulnerability in PEAR installer
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
Package: php-pear (Red Hat Enterprise Linux 5) - Not affected
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2007-05-22·CVSS 2.6
CVE-2007-2509 [LOW] PHP vulnerabilities
A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. (CVE-2007-2509)

Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. (CVE-2007-2510)

Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. (CVE-2007-2511)

Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user wer
Red Hat
php-pear install root constraint bypass
vendor_redhat·CVSS 6.8
CVE-2007-2519 [MEDIUM] php-pear install root constraint bypass
Statement: Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sens
GHSA
GHSA-pm7p-73v9-hmx9: The installer in PEAR before 1
ghsa_unreviewed·2022-05-13·CVSS 6.8
CVE-2011-1072 [MEDIUM] CWE-59 GHSA-pm7p-73v9-hmx9: The installer in PEAR before 1
GHSA
GHSA-w4p3-mf5w-2mr6: Directory traversal vulnerability in the installer in PEAR 1
ghsa_unreviewed·2022-05-01
CVE-2007-2519 [MEDIUM] GHSA-w4p3-mf5w-2mr6: Directory traversal vulnerability in the installer in PEAR 1
No detection rules found.
References:
- http://osvdb.org/42108
- http://pear.php.net/advisory-20070507.txt
- http://pear.php.net/news/vulnerability2.php
- http://secunia.com/advisories/25372
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:110
- http://www.securityfocus.com/bid/24111
- http://www.ubuntu.com/usn/usn-462-1
- http://www.vupen.com/english/advisories/2007/1926
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34482