cbcvebase.
CVE-2007-2519
published 2007-05-22


Priority: P335 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.29% (93.6th percentile)
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

Affected

83 ranges · showing 25
Vendor | Product | Version range | Fixed in
php | pear | <= 1.9.1 |
php | pear | |
php_group | pear | |

CVSS provenance

nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat | 6.8 | MEDIUM
vendor_ubuntu | 2.6 | LOW