CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Injection
Vendor | Product | Version |
---|---|---|
php | pear | 1.10.1 |
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
php-pear |
| ||||||||||||||||||||||||||||||||||||||
php5 |
| ||||||||||||||||||||||||||||||||||||||
php7.0 |
| ||||||||||||||||||||||||||||||||||||||
php7.1 |
|
Common Weakness Enumeration