QwikSec

Security Database

CVE

CWE

Training

CVE-2007-2519

Published: May 22, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

http://pear.php.net/advisory-20070507.txt

x_refsource_CONFIRM

pear-installer-file-overwrite(34482)

vdb-entry

x_refsource_XF

http://pear.php.net/news/vulnerability2.php

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.