PT-2020-5321 · Php+7

Published 2020-02-17 · Updated 2025-08-11 · CVE-2020-7063

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions 7.2.x through 7.2.27
PHP versions 7.3.x through 7.3.14
PHP versions 7.4.x through 7.4.2

Description

The issue is related to the incorrect preservation of permissions when creating PHAR archives using the PharData::buildFromIterator() function. This may result in files having more lax permissions than intended when the archive is extracted. The problem can be exploited by a remote attacker to impact data integrity.

Recommendations

For PHP versions 7.2.x through 7.2.27, update to version 7.2.28 or later.
For PHP versions 7.3.x through 7.3.14, update to version 7.3.15 or later.
For PHP versions 7.4.x through 7.4.2, update to version 7.4.3 or later.

Exploit

Fix

Weakness Enumeration

Improper Preservation of Permissions

Related Identifiers

ALSA-2020:3662
ALT-PU-2020-1304
ALT-PU-2020-1385
BDU:2021-00097
BIT-LIBPHP-2020-7063
BIT-PHP-2020-7063
BIT-PHP-MIN-2020-7063
CESA-2020_3662
CVE-2020-7063
DLA-2160-1
DSA-4717-1
DSA-4719-1
MGASA-2020-0119
OPENSUSE-SU-2020:0341-1
OPENSUSE-SU-2020_0341-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2024:11167-1
OPENSUSE-SU-2024:11169-1
RHSA-2020:3662
RHSA-2020:5275
RHSA-2020_3662
RLSA-2020:3662
SUSE-SU-2020:0622-1
SUSE-SU-2020:0647-1
SUSE-SU-2020:0658-1
SUSE-SU-2022:4067-1
USN-4330-1

Affected Products

ALT Linux
AlmaLinux
CentOS
PHP
Red Hat
Rocky Linux
SUSE
Ubuntu