CVE-2007-2519

Severity: Unknown | EPSS: 7.29%

CVE-2007-2519 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. EPSS estimates a 7.29% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
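A defensive pre-install check for the two attributes named in the description, as an added example (not PEAR's code or its fix): it parses a package.xml and reports every install-as or as value that contains a .. path segment. The function names and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Element -> attribute pairs named in the CVE description.
TARGET_ATTRS = {"file": "install-as", "install": "as"}

# Constructed sample in the package.xml 1.0 layout.
SAMPLE_V1 = r"""<package version="1.0"><release><filelist>
  <file role="php" name="Foo.php" install-as="../../outside/Foo.php"/>
  <file role="php" name="Bar.php" install-as="Lib/Bar.php"/>
</filelist></release></package>"""

# Constructed sample in the package.xml 2.0 layout (namespaced elements).
SAMPLE_V2 = r"""<package version="2.0" xmlns="http://pear.php.net/dtd/package-2.0">
<phprelease><filelist>
  <install name="src/Baz.php" as="..\..\outside\Baz.php"/>
  <install name="src/Ok.php" as="Ok..php"/>
</filelist></phprelease></package>"""


def local_name(tag):
    """Strip an XML namespace: '{uri}install' -> 'install'."""
    return tag.rsplit("}", 1)[-1]


def has_dotdot_segment(path):
    """True if any path segment is exactly '..' (either slash style)."""
    return ".." in path.replace("\\", "/").split("/")


def audit_package_xml(xml_text):
    """Return (element, attribute, value) for each traversal-style target."""
    # For manifests from untrusted sources, a hardened parser such as
    # defusedxml is the safer choice; ElementTree keeps this self-contained.
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local_name(el.tag)
        attr = TARGET_ATTRS.get(name)
        if attr and attr in el.attrib and has_dotdot_segment(el.attrib[attr]):
            findings.append((name, attr, el.attrib[attr]))
    return findings


if __name__ == "__main__":
    for label, doc in (("1.0", SAMPLE_V1), ("2.0", SAMPLE_V2)):
        for finding in audit_package_xml(doc):
            print("package.xml", label, "unsafe target:", finding)
```

A file name such as Ok..php is not reported, because only a whole segment equal to .. moves the target out of the install directory.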

Metrics

EPSS probability: 7.29% (93.6th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor     Product  Versions
Php Group  Pear     1.0
Php Group  Pear     1.0.1
Php Group  Pear     1.1
Php Group  Pear     1.2
Php Group  Pear     1.2.1
Php Group  Pear     1.2b1
Php Group  Pear     1.2b2
Php Group  Pear     1.2b3
Php Group  Pear     1.2b4
Php Group  Pear     1.2b5
Php Group  Pear     1.3
Php Group  Pear     1.3.1
Php Group  Pear     1.3.3
Php Group  Pear     1.3.3.1
Php Group  Pear     1.3.4
Php Group  Pear     1.3.5
Php Group  Pear     1.3.6
Php Group  Pear     1.3b1
Php Group  Pear     1.3b2
Php Group  Pear     1.3b3
Php Group  Pear     1.3b5
Php Group  Pear     1.3b6
Php Group  Pear     1.4.0
Php Group  Pear     1.4.0a1
Php Group  Pear     1.4.0a2
Php Group  Pear     1.4.0a3
Php Group  Pear     1.4.0a4
Php Group  Pear     1.4.0a5
Php Group  Pear     1.4.0a6
Php Group  Pear     1.4.0a7
Php Group  Pear     1.4.0a8
Php Group  Pear     1.4.0a9
Php Group  Pear     1.4.0a10
Php Group  Pear     1.4.0a11
Php Group  Pear     1.4.0a12
Php Group  Pear     1.4.0b1
Php Group  Pear     1.4.0b2
Php Group  Pear     1.4.0rc1
Php Group  Pear     1.4.0rc2
Php Group  Pear     1.4.1
Php Group  Pear     1.4.2
Php Group  Pear     1.4.3
Php Group  Pear     1.4.4
Php Group  Pear     1.4.5
Php Group  Pear     1.4.6
Php Group  Pear     1.4.7
Php Group  Pear     1.4.8
Php Group  Pear     1.4.9
Php Group  Pear     1.4.10
Php Group  Pear     1.4.10rc1

Showing 50 of 59 affected configurations. See NVD for the full list.

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2007-2519?
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
How severe is CVE-2007-2519?
Severity scoring for CVE-2007-2519 is pending analysis. The EPSS model estimates a 7.29% probability of exploitation in the next 30 days.
How do I fix CVE-2007-2519?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST