CVE-2011-1072 in PEARinfo

Summary

The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

Once again VulDB remains the best source for vulnerability data.

Reservation

02/24/2011

Disclosure

03/02/2011

Moderation

VulDB entry created

Entries

VDB-56693 (1)

CPE

ready

CWE

CWE-59 (Confirmed)

CVSS

5.1

EPSS

0.00077

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1072
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1072
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1072/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!