CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.1%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 5.0

References

Products affected by CVE-2020-7063

Php » Php » Version: 7.2.0

cpe:2.3:a:php:php:7.2.0
Php » Php » Version: 7.2.1

cpe:2.3:a:php:php:7.2.1
Php » Php » Version: 7.2.10

cpe:2.3:a:php:php:7.2.10
Php » Php » Version: 7.2.11

cpe:2.3:a:php:php:7.2.11
Php » Php » Version: 7.2.12

cpe:2.3:a:php:php:7.2.12
Php » Php » Version: 7.2.13

cpe:2.3:a:php:php:7.2.13
Php » Php » Version: 7.2.14

cpe:2.3:a:php:php:7.2.14
Php » Php » Version: 7.2.15

cpe:2.3:a:php:php:7.2.15
Php » Php » Version: 7.2.16

cpe:2.3:a:php:php:7.2.16
Php » Php » Version: 7.2.17

cpe:2.3:a:php:php:7.2.17
Php » Php » Version: 7.2.18

cpe:2.3:a:php:php:7.2.18
Php » Php » Version: 7.2.19

cpe:2.3:a:php:php:7.2.19
Php » Php » Version: 7.2.2

cpe:2.3:a:php:php:7.2.2
Php » Php » Version: 7.2.20

cpe:2.3:a:php:php:7.2.20
Php » Php » Version: 7.2.21

cpe:2.3:a:php:php:7.2.21
Php » Php » Version: 7.2.22

cpe:2.3:a:php:php:7.2.22
Php » Php » Version: 7.2.23

cpe:2.3:a:php:php:7.2.23
Php » Php » Version: 7.2.24

cpe:2.3:a:php:php:7.2.24
Php » Php » Version: 7.2.25

cpe:2.3:a:php:php:7.2.25
Php » Php » Version: 7.2.26

cpe:2.3:a:php:php:7.2.26
Php » Php » Version: 7.2.27

cpe:2.3:a:php:php:7.2.27
Php » Php » Version: 7.2.3

cpe:2.3:a:php:php:7.2.3
Php » Php » Version: 7.2.4

cpe:2.3:a:php:php:7.2.4
Php » Php » Version: 7.2.5

cpe:2.3:a:php:php:7.2.5
Php » Php » Version: 7.2.6

cpe:2.3:a:php:php:7.2.6
Php » Php » Version: 7.2.7

cpe:2.3:a:php:php:7.2.7
Php » Php » Version: 7.2.8

cpe:2.3:a:php:php:7.2.8
Php » Php » Version: 7.2.9

cpe:2.3:a:php:php:7.2.9
Php » Php » Version: 7.3.0

cpe:2.3:a:php:php:7.3.0
Php » Php » Version: 7.3.1

cpe:2.3:a:php:php:7.3.1
Php » Php » Version: 7.3.10

cpe:2.3:a:php:php:7.3.10
Php » Php » Version: 7.3.11

cpe:2.3:a:php:php:7.3.11
Php » Php » Version: 7.3.12

cpe:2.3:a:php:php:7.3.12
Php » Php » Version: 7.3.13

cpe:2.3:a:php:php:7.3.13
Php » Php » Version: 7.3.14

cpe:2.3:a:php:php:7.3.14
Php » Php » Version: 7.3.2

cpe:2.3:a:php:php:7.3.2
Php » Php » Version: 7.3.3

cpe:2.3:a:php:php:7.3.3
Php » Php » Version: 7.3.4

cpe:2.3:a:php:php:7.3.4
Php » Php » Version: 7.3.5

cpe:2.3:a:php:php:7.3.5
Php » Php » Version: 7.3.6

cpe:2.3:a:php:php:7.3.6
Php » Php » Version: 7.3.7

cpe:2.3:a:php:php:7.3.7
Php » Php » Version: 7.3.8

cpe:2.3:a:php:php:7.3.8
Php » Php » Version: 7.3.9

cpe:2.3:a:php:php:7.3.9
Php » Php » Version: 7.4.0

cpe:2.3:a:php:php:7.4.0
Php » Php » Version: 7.4.1

cpe:2.3:a:php:php:7.4.1
Php » Php » Version: 7.4.2

cpe:2.3:a:php:php:7.4.2
Tenable » Tenable.sc » Version: N/A

cpe:2.3:a:tenable:tenable.sc:-
Tenable » Tenable.sc » Version: 5.13.0

cpe:2.3:a:tenable:tenable.sc:5.13.0
Tenable » Tenable.sc » Version: 5.14.0

cpe:2.3:a:tenable:tenable.sc:5.14.0
Tenable » Tenable.sc » Version: 5.14.1

cpe:2.3:a:tenable:tenable.sc:5.14.1
Tenable » Tenable.sc » Version: 5.16.0

cpe:2.3:a:tenable:tenable.sc:5.16.0
Tenable » Tenable.sc » Version: 5.17.0

cpe:2.3:a:tenable:tenable.sc:5.17.0
Tenable » Tenable.sc » Version: 5.18.0

cpe:2.3:a:tenable:tenable.sc:5.18.0
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7063

Products

Pricing

Contact Us