CVE-2017-5630

HIGH

PEAR Base System 1.10.1 - Arbitrary File Overwrite via Unvalidated Redirect Response

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5630. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file download vulnerability in PEAR Base System v1.10.1, where a crafted HTTP response can redirect a PECL download request to an unintended file, potentially overwriting files like .htaccess or downloading a backdoor.

Description

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · textwebappsphp
https://www.exploit-db.com/exploits/41185

This exploit demonstrates an arbitrary file download vulnerability in PEAR Base System v1.10.1, where a crafted HTTP response can redirect a PECL download request to an unintended file, potentially overwriting files like .htaccess or downloading a backdoor.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: PEAR Base System v1.10.1
No auth needed
Prerequisites: Control over a server to craft HTTP responses · Victim must execute a PECL download command
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41185/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95882
Vendor Advisory x_refsource_misc
http://pear.php.net/bugs/bug.php?id=21171

Scores

CVSS v3 7.5
EPSS 0.0512
EPSS Percentile 90.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-74
Status published
Products (2)
pear/pear 0Packagist
php/pear 1.10.1
Published Feb 01, 2017
Tracked Since Feb 18, 2026