Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PEAR INSTALL-AS属性任意文件覆盖漏洞
Vulnerability Description
PEAR(全称PHP Extension and Application Repository)是PHP Group负责维护的一个PHP扩展及应用的代码仓库。 PEAR的安装属性实现上存在漏洞,本地攻击者可能利用此漏洞覆盖系统文件。 PEAR安装程序没有对package.xml的install-as属性或<install>标签执行验证,允许攻击者向任意位置安装文件,如果PEAR安装程序以特权用户权限运行的话,就可能覆盖关键的系统文件。 用户必须使用PEAR安装程序安装恶意软件包才会受漏洞影响。如果文件包含
CVSS Information
N/A
Vulnerability Type
N/A