Directory Traversal Vulnerability in PEAR Installer by PEAR
CVE-2007-2519

Currently unrated

Key Information:

Vendor: PHP Group
Status: Pear
Vendor: CVE Published:; 22 May 2007

What is CVE-2007-2519?

A directory traversal vulnerability exists within the PEAR installer, affecting versions from 1.0 to 1.5.3. This flaw allows for the possibility of an attacker, through user-assisted means, to exploit the installer by using a '..' sequence in the 'install-as' attribute located in package.xml for version 1.0, or in the 'as' attribute for version 2.0. Such exploitation could lead to arbitrary file overwriting, creating significant security risks, especially if used to manipulate sensitive resources.

References

http://www.ubuntu.com/usn/usn-462-1

vendor-advisoryx_refsource_UBUNTU

http://osvdb.org/42108

vdb-entryx_refsource_OSVDB

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

Timeline

Vulnerability published
May 22, 2007
Vulnerability Reserved
May 7, 2007

PHP Group

What is CVE-2007-2519?

References

Timeline