PHP PEAR vulnerabilities
5 known vulnerabilities affecting php/pear.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1, LOW 2
Vulnerabilities
CVE-2017-5630 | HIGH | CVSS 7.5 | CWE-74 | PoC | v1.10.1 | 2017-02-01
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
nvd
CVE-2011-1144 | LOW | CVSS 3.3 | ≤ 1.9.2 | v0.2.2 +23 more | 2011-03-03
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
nvd
CVE-2011-1072 | LOW | CVSS 3.3 | CWE-59 | ≤ 1.9.1 | v0.2.2 +22 more | 2011-03-03
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
nvd
CVE-2006-0144 | HIGH | CVSS 7.5 | CWE-94 | v0.2.2 | 2006-01-09
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
nvd
CVE-2005-4154 | MEDIUM | CVSS 5.1 | ≤ 1.4.2 | v0.9 +17 more | 2005-12-11
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
nvd