CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.052

EPSS Ranking 89.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://pear.php.net/bugs/bug.php?id=21171
http://www.securityfocus.com/bid/95882
https://www.exploit-db.com/exploits/41185/
http://pear.php.net/bugs/bug.php?id=21171
http://www.securityfocus.com/bid/95882
https://www.exploit-db.com/exploits/41185/

Products affected by CVE-2017-5630

Php » Pear » Version: 1.10.1

cpe:2.3:a:php:pear:1.10.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5630

Products

Pricing

Contact Us