Code Execution Vulnerability in PEAR Installer by PEAR
CVE-2005-4154

Currently unrated

Key Information:

Vendor

PHP
Status
Pear
Vendor
CVE Published:
11 December 2005

What is CVE-2005-4154?

The PEAR Installer versions 1.4.2 and earlier contain a vulnerability that enables user-assisted attackers to execute arbitrary code. This exploitation can occur when a specially crafted package is processed during the execution of the pear command or when the Web/Gtk frontend for the installer is accessed. As a result, users are exposed to potential security risks if they inadvertently load malicious packages.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23021
vdb-entryx_refsource_XF
http://secunia.com/advisories/17563/
third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/alerts/2005/Nov/1015161.html
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.