Directory Traversal Vulnerability in PEAR Installer by PEAR
CVE-2007-2519

Currently unrated

Key Information:

Vendor

PHP Group

Status
Pear
Vendor
CVE Published:
22 May 2007

What is CVE-2007-2519?

A directory traversal vulnerability exists within the PEAR installer, affecting versions from 1.0 to 1.5.3. This flaw allows for the possibility of an attacker, through user-assisted means, to exploit the installer by using a '..' sequence in the 'install-as' attribute located in package.xml for version 1.0, or in the 'as' attribute for version 2.0. Such exploitation could lead to arbitrary file overwriting, creating significant security risks, especially if used to manipulate sensitive resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.ubuntu.com/usn/usn-462-1
vendor-advisoryx_refsource_UBUNTU
http://osvdb.org/42108
vdb-entryx_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDKSA-20...
vendor-advisoryx_refsource_MANDRIVA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.