CVE-2011-1144
published 2011-03-03


Priority: P410 | low | 3.3 | CVSS 2.0
AV:L/AC:M/Au:N/C:N/I:P/A:P
EPSS: 0.31% (22.8th percentile)
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

Affected

25 ranges
Vendor | Product | Version range | Fixed in
php | pear | <= 1.9.2 |

CVSS provenance

nvd | v2.0 | 3.3 | LOW | AV:L/AC:M/Au:N/C:N/I:P/A:P
vendor_ubuntu | 5.0 | MEDIUM
vendor_redhat | 3.3 | LOW