CVE-2007-2519
PEAR 1.0-1.5.3 - Directory Traversal via Package.xml Install Attribute
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
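The two attack surfaces named in the description are both plain XML attributes that the installer used as relative install targets without rejecting ".." components. The checker below is an added example, not PEAR's own code or the advisory's proof of concept: it parses a package.xml 1.0 file element with an install-as attribute and a package.xml 2.0 install element with an as attribute, normalises each target and flags any that would escape the install root. The two package.xml documents embedded in it are constructed for this example (the package name, file names and target paths are invented); the element layout follows the package.xml 1.0 and 2.0 formats but is otherwise an assumption about what a real package would contain.

```python
import posixpath
import xml.etree.ElementTree as ET

# package.xml 2.0 elements live in this namespace; 1.0 documents have none.
PEAR2_NS = "http://pear.php.net/dtd/package-2.0"


def is_traversal(target):
    """Return True if an install target would escape the install root.

    Rejects absolute paths (POSIX and drive-letter), and any '..' component
    that survives normalisation, so 'lib/../../etc/passwd' is caught even
    though it does not start with '..'. Backslashes are treated as
    separators because a Windows installer would honour them too.
    """
    p = target.replace("\\", "/")
    if p.startswith("/") or (len(p) > 1 and p[1] == ":"):
        return True
    norm = posixpath.normpath(p)
    return norm == ".." or norm.startswith("../")


def find_traversal_targets(xml_text):
    """List (attribute, source file, target) for every traversing install path.

    Handles both formats named in the CVE: the install-as attribute on a
    package.xml 1.0 <file> element and the as attribute on a package.xml 2.0
    <install> element.
    """
    root = ET.fromstring(xml_text)
    findings = []
    # package.xml 1.0: <file name="..." install-as="..."/>, un-namespaced
    for f in root.iter("file"):
        target = f.get("install-as")
        if target is not None and is_traversal(target):
            findings.append(("install-as", f.get("name"), target))
    # package.xml 2.0: <install name="..." as="..."/> under the 2.0 namespace
    for inst in root.iter("{%s}install" % PEAR2_NS):
        target = inst.get("as")
        if target is not None and is_traversal(target):
            findings.append(("as", inst.get("name"), target))
    return findings


# Constructed package.xml 1.0 sample (assumed layout, invented names).
PKG_V1 = """<package version="1.0">
  <name>Example_Pkg</name>
  <release>
    <version>1.0.0</version>
    <filelist>
      <file role="php" name="Example.php"/>
      <file role="php" name="evil.php" install-as="../../../../tmp/overwritten.txt"/>
    </filelist>
  </release>
</package>"""

# Constructed package.xml 2.0 sample (assumed layout, invented names).
PKG_V2 = """<package version="2.0" xmlns="http://pear.php.net/dtd/package-2.0">
  <name>Example_Pkg</name>
  <contents>
    <dir name="/">
      <file name="Example.php" role="php"/>
      <file name="evil.php" role="php"/>
    </dir>
  </contents>
  <phprelease>
    <filelist>
      <install name="Example.php" as="Example/Example.php"/>
      <install name="evil.php" as="../../../../tmp/overwritten.txt"/>
    </filelist>
  </phprelease>
</package>"""


if __name__ == "__main__":
    for label, doc in (("package.xml 1.0", PKG_V1), ("package.xml 2.0", PKG_V2)):
        for attr, name, target in find_traversal_targets(doc):
            print("%s: %s=%r on %r escapes the install root" % (label, attr, target, name))
```

A fixed installer would apply the same normalisation and refuse the package rather than just log it; note that a benign target such as lib/../Foo.php normalises to Foo.php and is accepted, so the check rejects only paths that actually leave the root.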
Exploits (1)
exploitdb, working PoC, verified, by Gregory Beaver · textremotelinux
https://www.exploit-db.com/exploits/30074
References (9)
Vendor Advisory (x_refsource_ubuntu): http://www.ubuntu.com/usn/usn-462-1
Third Party Advisory, VDB Entry (x_refsource_osvdb): http://osvdb.org/42108
Vendor Advisory (x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDKSA-2007:110
Third Party Advisory, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/24111
Third Party Advisory (x_refsource_vupen): http://www.vupen.com/english/advisories/2007/1926
Exploit, Patch, Vendor Advisory (x_refsource_confirm): http://pear.php.net/advisory-20070507.txt
Third Party Advisory, VDB Entry (x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/34482
Various Sources (x_refsource_confirm): http://pear.php.net/news/vulnerability2.php
Third Party Advisory (x_refsource_secunia): http://secunia.com/advisories/25372
Scores
EPSS: 0.0435 (percentile 89.0%)
Details
Status
published
Products (50)
php_group/pear: 1.0, 1.0.1, 1.1, 1.2, 1.2.1, 1.2b1, 1.2b2, 1.2b3, 1.2b4, 1.2b5
... and 40 more
Published
May 22, 2007
Tracked Since
Feb 18, 2026