Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP PEAR安装程序任意文件覆盖漏洞
Vulnerability Description
PEAR(全称PHP Extension and Application Repository)是PHP Group负责维护的一个PHP扩展及应用的代码仓库。 PEAR 1.9.2及之前版本的安装程序中存在漏洞。本地用户可以借助与(1)download_dir,(2)cache_dir,(3)tmp_dir,和(4)pear-build-download目录有关的package.xml文件中的符号链接攻击覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A