CVE-2011-1144
CVE-2011-1144 concerns the PEAR installer prior to 1.9.2. The vulnerability allows local users to overwrite arbitrary files via a symlink attack on package.xml, related to the download_dir, cache_dir, tmp_dir, and pear-build-download directories. The issue exists because of an incomplete fix for ...