CVE-2007-2519

PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite

Severity Score: 6.8 (CVSS v2)
Public Exploits: 2 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
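
The check below is an added example, not part of the original record and not PEAR's own code. It audits a package.xml before installation by flagging the two attributes named in the description when their value resolves outside the install root. The sample manifests, the function names and the lexical normalization rule are assumptions made for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample manifests (not taken from any real package).
PACKAGE_XML_1_0 = """<package version="1.0"><name>Demo</name><release><filelist>
  <file role="php" name="Demo.php"/>
  <file role="php" name="a.php" install-as="../../outside/a.php"/>
</filelist></release></package>"""

PACKAGE_XML_2_0 = """<package version="2.0" xmlns="http://pear.php.net/dtd/package-2.0">
<phprelease><filelist>
  <install name="src/Demo.php" as="Demo.php"/>
  <install name="src/b.php" as="lib/../../b.php"/>
</filelist></phprelease></package>"""

# (element -> attribute) pairs named in the CVE description.
TARGET_ATTRS = {"file": "install-as", "install": "as"}


def escapes_root(path):
    """Return True if an install target resolves outside the install root."""
    p = path.replace("\\", "/")
    if p.startswith("/") or p[1:2] == ":":  # absolute or drive-qualified path
        return True
    norm = posixpath.normpath(p)  # collapses "a/../b" lexically
    return norm == ".." or norm.startswith("../")


def unsafe_install_targets(package_xml):
    """List (element, attribute, value) for every target that escapes the root."""
    findings = []
    for el in ET.fromstring(package_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the 2.0 namespace prefix
        attr = TARGET_ATTRS.get(name)
        if attr and attr in el.attrib and escapes_root(el.attrib[attr]):
            findings.append((name, attr, el.attrib[attr]))
    return findings


if __name__ == "__main__":
    for label, doc in (("1.0", PACKAGE_XML_1_0), ("2.0", PACKAGE_XML_2_0)):
        for element, attr, value in unsafe_install_targets(doc):
            print(f"package.xml {label}: <{element} {attr}={value!r}> escapes root")
```

The check is lexical only, so it does not account for symlinks inside the install root. A package with any finding should be rejected rather than have its paths rewritten.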


*Credits: N/A
CVSS Scores (Common Vulnerability Scoring System)
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
Timeline
  • 2007-05-07 CVE Reserved
  • 2007-05-07 First Exploit
  • 2007-05-22 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-25 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
Affected Vendors, Products, and Versions
Vendor: Php Group
Product: Pear
Other: -
Status: Affected
Versions:
  • 1.0, 1.0.1
  • 1.1
  • 1.2, 1.2.1, 1.2b1, 1.2b2, 1.2b3, 1.2b4, 1.2b5
  • 1.3, 1.3.1, 1.3.3, 1.3.3.1, 1.3.4, 1.3.5, 1.3.6, 1.3b1, 1.3b2, 1.3b3, 1.3b5, 1.3b6
  • 1.4.0, 1.4.0a1, 1.4.0a2, 1.4.0a3, 1.4.0a4, 1.4.0a5, 1.4.0a6, 1.4.0a7, 1.4.0a8, 1.4.0a9, 1.4.0a10, 1.4.0a11, 1.4.0a12, 1.4.0b1, 1.4.0b2, 1.4.0rc1, 1.4.0rc2
  • 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.10rc1, 1.4.11
  • 1.5.0, 1.5.0a1, 1.5.0rc1, 1.5.0rc2, 1.5.0rc3, 1.5.1, 1.5.2, 1.5.3