CVE-2007-2519

Published: 22/05/2007 Updated: 29/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in the installer in PEAR 1.0 up to and including 1.5.3 allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

Vulnerable Products

php group pear 1.0
php group pear 1.0.1
php group pear 1.1
php group pear 1.2b1
php group pear 1.2b2
php group pear 1.2b3
php group pear 1.2b4
php group pear 1.2b5
php group pear 1.2
php group pear 1.2.1
php group pear 1.3b1
php group pear 1.3b2
php group pear 1.3b3
php group pear 1.3b5
php group pear 1.3b6
php group pear 1.3
php group pear 1.3.1
php group pear 1.3.3
php group pear 1.3.3.1
php group pear 1.3.4
php group pear 1.3.5
php group pear 1.3.6
php group pear 1.4.0a1
php group pear 1.4.0a2
php group pear 1.4.0a3
php group pear 1.4.0a4
php group pear 1.4.0a5
php group pear 1.4.0a6
php group pear 1.4.0a7
php group pear 1.4.0a8
php group pear 1.4.0a9
php group pear 1.4.0a10
php group pear 1.4.0a11
php group pear 1.4.0a12
php group pear 1.4.0b1
php group pear 1.4.0b2
php group pear 1.4.0rc1
php group pear 1.4.0rc2
php group pear 1.4.0
php group pear 1.4.1
php group pear 1.4.2
php group pear 1.4.3
php group pear 1.4.4
php group pear 1.4.5
php group pear 1.4.6
php group pear 1.4.7
php group pear 1.4.8
php group pear 1.4.9
php group pear 1.4.10rc1
php group pear 1.4.10
php group pear 1.4.11
php group pear 1.5.0a1
php group pear 1.5.0rc1
php group pear 1.5.0rc2
php group pear 1.5.0rc3
php group pear 1.5.0
php group pear 1.5.1
php group pear 1.5.2
php group pear 1.5.3

Vendor Advisories

Debian Bug report logs - #441433 CVE-2007-3806, CVE-2007-2519 and CVE-2007-3799. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Sun, 9 Sep 2007 19:30:02 UTC. Severit ...
A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments (CVE-2007-2509) ...

Exploits

source: www.securityfocus.com/bid/24111/info. PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite files in arbitrary locations. This issue affects PEAR 1.0 to 1.5.3. create a file name ...