Lucene search
K

8 matches found

cnnvd
cnnvd
added 2026/05/26 12:0 a.m.10 views

Pear Archive_Tar 安全漏洞

Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...

9.1CVSS5.8AI score0.0043EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.11 views

Pear Archive_Tar 安全漏洞

Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...

9.1CVSS5.8AI score0.0043EPSS
Exploits0References3
osv
osv
added 2022/05/01 6:43 a.m.6 views

GHSA-F3XW-VGC7-F7H8 PEAR::Archive_Tar Directory Traversal vulnerability

Directory traversal vulnerability in PEAR::ArchiveTar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive...

9.3CVSS7AI score0.0236EPSS
Exploits0References5
cnnvd
cnnvd
added 2021/07/20 12:0 a.m.4 views

Backdrop CMS 后置链接漏洞

Backdrop CMS is an open source content management system CMS. A backlink vulnerability exists in Backdrop CMS. The vulnerability stems from the use of the third-party PEAR ArchiveTar library and could allow a remote attacker to execute arbitrary code on the system...

7.1CVSS8AI score0.73377EPSS
Exploits0References24
ncsc
ncsc
added 2021/02/09 12:0 a.m.3 views

Vulnerability fixed in PEAR

A vulnerability has been fixed in PEAR ArchiveTar. A malicious party could potentially exploit the vulnerability to run execute arbitrary PHP code under the privileges of the application. To do this, the malicious party must create a rogue .tar-, .tar.gz, .bz2, or .tlz file to be processed by the...

7.5CVSS7.1AI score0.70595EPSS
Exploits0
cnnvd
cnnvd
added 2020/11/19 12:0 a.m.9 views

Pear Archive_Tar Injection Vulnerability

Pear ArchiveTar is a Php-based software from the Pear PEAR team that can create and extract tarballs. A security vulnerability exists in ArchiveTar version 1.4.10 and earlier versions, which stems from the :// filename sanitization attack only for phar, so any other stream-wrapper file:// to...

7.8CVSS7.3AI score0.84554EPSS
Exploits4References29
cnnvd
cnnvd
added 2020/11/19 12:0 a.m.7 views

Pear Archive_Tar Code Issue Vulnerability

Pear ArchiveTar is a Php-based software from the Pear PEAR team that can perform creation, extraction, etc. on tarballs. A security vulnerability exists in ArchiveTar version 1.4.10 and earlier versions that allows deserialization attacks because phar: is blocked while phar: is not...

7.8CVSS7.1AI score0.47493EPSS
Exploits2References27
osv
osv
added 2019/01/14 5:53 p.m.3 views

USN-3857-1 php-pear vulnerability

Fariskhi Vidyan discovered that PEAR ArchiveTar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.3AI score0.19207EPSS
Exploits5References2
Rows per page
Query Builder