Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
6.8AI Score
0.082EPSS
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with $v_header['filename'] as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger...
8.8CVSS
8.8AI Score
0.007EPSS