CVSS: 6.8EPSS: 5%CPEs: 59EXPL: 2CVE-2007-2519 – PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. Vulnerabilidad de salto de directorio en el instalador en PEAR 1.0 hasat 1.5.3 permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección mediante una secuencia .. (punto punto) en (1) el atributo install-as en el elemento fichero (file) en package.xml 1.0 o (2) el atributo as en el elemento instación (install) en package.xml 2.0. • https://www.exploit-db.com/exploits/30074 http://osvdb.org/42108 http://pear.php.net/advisory-20070507.txt http://pear.php.net/news/vulnerability2.php http://secunia.com/advisories/25372 http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 http://www.securityfocus.com/bid/24111 http://www.ubuntu.com/usn/usn-462-1 http://www.vupen.com/english/advisories/2007/1926 https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4731
https://notcve.org/view.php?id=CVE-2005-4731
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors. • http://pear.php.net/bugs/bug.php?id=3443 http://pear.php.net/package/HTML_QuickForm_Controller/download http://www.osvdb.org/23766 •