PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability

PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite files in arbitrary locations.

This issue affects PEAR 1.0 to 1.5.3.


Privacy Statement
Copyright 2010, SecurityFocus