CVE-2011-1144

CWE-597 documents6 sources
Severity
3.3LOW
EPSS
0.1%
top 69.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
PHP Pear
Timeline
PublishedMar 3
Latest updateMay 13

Description

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages1 packages

NVDphp/pear1.9.2+24

🔴Vulnerability Details

2
GHSA
GHSA-m3xj-59h7-ggx6: The installer in PEAR 12022-05-13
CVEList
CVE-2011-1144: The installer in PEAR 12011-03-03

📋Vendor Advisories

3
Ubuntu
PHP Regressions2011-05-05
Ubuntu
PHP vulnerabilities2011-04-29
Red Hat
php-pear: symlink vulnerability in PEAR installer2010-11-14

💬Community

1
Bugzilla
CVE-2011-1072 CVE-2011-1144 php-pear: symlink vulnerability in PEAR installer2011-03-03
CVE-2011-1144 (LOW CVSS 3.3) | The installer in PEAR 1.9.2 and ear | cvebase.io