CVE-2018-1000888HIGHCVSS 8.8PoC≤ 1.4.32018-12-28
CVE-2018-1000888 [HIGH] CWE-502 CVE-2018-1000888: PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `ph
nvd