PT-2017-4244 · Pear · Pear Base System

Credit: Hyp3Rlinx

Published: 2017-01-11 · Updated: 2022-05-13 · CVE-2017-5630

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: PEAR Base System version 1.10.1

Description: The issue stems from insufficient neutralization of special elements in a request, which a remote attacker can exploit to compromise data integrity. Specifically, the PECL download utility class in the Installer does not validate file types and filenames after a redirect, so a remote HTTP server can overwrite files via crafted responses.

Recommendations: For PEAR Base System version 1.10.1, validate file types and filenames after a redirect so that remote HTTP servers cannot overwrite files. As a temporary workaround, restrict access to the download utility class in the Installer to reduce the risk of exploitation.
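As an added illustration of the recommended check (example code written for this entry, not PEAR's own downloader): a Python routine that validates the filename and file type of the final response after a redirect. The extension allow-list, the helper names and the sample URLs and headers in the demo are assumptions.

```python
import posixpath
from urllib.parse import urlsplit, unquote

ALLOWED_EXTENSIONS = {".tgz", ".tar", ".zip", ".phar"}  # assumed archive types


def _name_from_disposition(header):
    """Pull filename="..." out of a Content-Disposition header, if any."""
    if not header:
        return None
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key.strip().lower() == "filename":
            return unquote(value.strip().strip('"'))
    return None


def _name_from_url(url):
    """Last path segment of a URL, percent-decoded."""
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])


def safe_download_name(requested_url, final_url, content_disposition=None):
    """Name the response body may be written to, or ValueError if it is unsafe.

    Every check runs against the *final* response, i.e. after any redirect,
    which is where the advisory says validation was missing: the name the
    server suggests is untrusted, must be a plain basename, must carry an
    allow-listed archive extension, and must keep the type originally requested.
    """
    expected_ext = posixpath.splitext(_name_from_url(requested_url))[1].lower()
    candidate = _name_from_disposition(content_disposition) or _name_from_url(final_url)
    if (not candidate or candidate in (".", "..") or "/" in candidate
            or "\\" in candidate or "\x00" in candidate):
        raise ValueError("server-supplied filename is not a plain basename: %r" % candidate)
    ext = posixpath.splitext(candidate)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("refusing to write non-archive file type: %r" % candidate)
    if ext != expected_ext:
        raise ValueError("redirect changed file type from %r to %r" % (expected_ext, ext))
    return candidate


def is_safe_download(requested_url, final_url, content_disposition=None):
    """Boolean wrapper: True when safe_download_name would accept the response."""
    try:
        safe_download_name(requested_url, final_url, content_disposition)
        return True
    except ValueError:
        return False
```

A real installer would apply this to the response it actually writes to disk, after the HTTP client has finished following redirects, and abort the install on a ValueError.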

Weakness Enumeration

Special Elements Injection

Related Identifiers

BDU:2023-01653
CVE-2017-5630
GHSA-XXV8-PV43-57X5

Affected Products

Debian
Pear Base System