CVE-2007-2519
PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
Public Exploits: 2
Exploited in Wild: -
Descriptions
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
Timeline
- 2007-05-07 CVE Reserved
- 2007-05-22 CVE Published
- 2013-12-06 First Exploit
- 2024-08-07 CVE Updated
- 2025-05-28 EPSS Updated
References (10)
URL | Tag | Source |
---|---|---|
http://osvdb.org/42108 | Vdb Entry | |
http://pear.php.net/news/vulnerability2.php | X_refsource_confirm | |
http://secunia.com/advisories/25372 | Third Party Advisory | |
http://www.securityfocus.com/bid/24111 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/1926 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/30074 | 2013-12-06 | |
http://pear.php.net/advisory-20070507.txt | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 | 2017-07-29 | |
http://www.ubuntu.com/usn/usn-462-1 | 2017-07-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Php Group | Pear | 1.0 | - | Affected |
Php Group | Pear | 1.0.1 | - | Affected |
Php Group | Pear | 1.1 | - | Affected |
Php Group | Pear | 1.2 | - | Affected |
Php Group | Pear | 1.2.1 | - | Affected |
Php Group | Pear | 1.2b1 | - | Affected |
Php Group | Pear | 1.2b2 | - | Affected |
Php Group | Pear | 1.2b3 | - | Affected |
Php Group | Pear | 1.2b4 | - | Affected |
Php Group | Pear | 1.2b5 | - | Affected |
Php Group | Pear | 1.3 | - | Affected |
Php Group | Pear | 1.3.1 | - | Affected |
Php Group | Pear | 1.3.3 | - | Affected |
Php Group | Pear | 1.3.3.1 | - | Affected |
Php Group | Pear | 1.3.4 | - | Affected |
Php Group | Pear | 1.3.5 | - | Affected |
Php Group | Pear | 1.3.6 | - | Affected |
Php Group | Pear | 1.3b1 | - | Affected |
Php Group | Pear | 1.3b2 | - | Affected |
Php Group | Pear | 1.3b3 | - | Affected |
Php Group | Pear | 1.3b5 | - | Affected |
Php Group | Pear | 1.3b6 | - | Affected |
Php Group | Pear | 1.4.0 | - | Affected |
Php Group | Pear | 1.4.0a1 | - | Affected |
Php Group | Pear | 1.4.0a2 | - | Affected |
Php Group | Pear | 1.4.0a3 | - | Affected |
Php Group | Pear | 1.4.0a4 | - | Affected |
Php Group | Pear | 1.4.0a5 | - | Affected |
Php Group | Pear | 1.4.0a6 | - | Affected |
Php Group | Pear | 1.4.0a7 | - | Affected |
Php Group | Pear | 1.4.0a8 | - | Affected |
Php Group | Pear | 1.4.0a9 | - | Affected |
Php Group | Pear | 1.4.0a10 | - | Affected |
Php Group | Pear | 1.4.0a11 | - | Affected |
Php Group | Pear | 1.4.0a12 | - | Affected |
Php Group | Pear | 1.4.0b1 | - | Affected |
Php Group | Pear | 1.4.0b2 | - | Affected |
Php Group | Pear | 1.4.0rc1 | - | Affected |
Php Group | Pear | 1.4.0rc2 | - | Affected |
Php Group | Pear | 1.4.1 | - | Affected |
Php Group | Pear | 1.4.2 | - | Affected |
Php Group | Pear | 1.4.3 | - | Affected |
Php Group | Pear | 1.4.4 | - | Affected |
Php Group | Pear | 1.4.5 | - | Affected |
Php Group | Pear | 1.4.6 | - | Affected |
Php Group | Pear | 1.4.7 | - | Affected |
Php Group | Pear | 1.4.8 | - | Affected |
Php Group | Pear | 1.4.9 | - | Affected |
Php Group | Pear | 1.4.10 | - | Affected |
Php Group | Pear | 1.4.10rc1 | - | Affected |
Php Group | Pear | 1.4.11 | - | Affected |
Php Group | Pear | 1.5.0 | - | Affected |
Php Group | Pear | 1.5.0a1 | - | Affected |
Php Group | Pear | 1.5.0rc1 | - | Affected |
Php Group | Pear | 1.5.0rc2 | - | Affected |
Php Group | Pear | 1.5.0rc3 | - | Affected |
Php Group | Pear | 1.5.1 | - | Affected |
Php Group | Pear | 1.5.2 | - | Affected |
Php Group | Pear | 1.5.3 | - | Affected |