CVE-2011-1072
published 2011-03-03

Priority: P4 · 11 · low · 3.3 (CVSS 2.0)
CVSS vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
EPSS: 0.49% (38.5th percentile)
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

Affected

26 ranges · showing 25
Vendor | Product | Version range | Fixed in
php | pear | <= 1.9.2 |
php | pear | <= 1.9.1 |
php | pear | |

CVSS provenance

nvd | v2.0 | 3.3 | LOW | AV:L/AC:M/Au:N/C:N/I:P/A:P
vendor_redhat | 6.8 | MEDIUM
vendor_ubuntu | 5.0 | MEDIUM