CVE-2007-2519

CVE-2007-2519 describes a directory traversal in the PEAR installer (versions 1.0–1.5.3) where an attacker can overwrite arbitrary files by supplying a .. sequence in PEAR’s package.xml attributes (install-as in file element for package.xml 1.0, or as in install element for package.xml 2.0). The ...