PT-2006-1224 · Php · Php Pear
Published: 2006-01-09 · Updated: 2018-10-19 · CVE-2006-0144
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP PEAR version 0.2.2
Description
The issue allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
Recommendations
For PHP PEAR version 0.2.2, consider disabling the proxy server feature in go-pear.php until a patch is available. Restrict access to the extractModify function in Tar.php to minimize the risk of exploitation.
Fix
RCE
Code Injection
Affected Products
Php Pear