CVE-2005-4154

Severity

51%

Complexity

49%

Confidentiality

106%

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

First reported 19 years ago

2005-12-11 02:03:00

Last updated 5 years ago

2020-01-23 14:33:00

Affected Software

PHP PEAR 0.9

0.9

PHP PEAR 0.10

0.10

PHP PEAR 0.11

0.11

PHP PEAR 0.90

0.90

PHP PEAR 1.0

1.0

PHP PEAR 1.0.1

1.0.1

PHP PEAR 1.1

1.1

PHP PEAR 1.2

1.2

PHP PEAR 1.2.1

1.2.1

PHP PEAR 1.3

1.3

PHP PEAR 1.3.1

1.3.1

PHP PEAR 1.3.3

1.3.3

PHP PEAR 1.3.3.1

1.3.3.1

PHP PEAR 1.3.4

1.3.4

PHP PEAR 1.3.5

1.3.5

PHP PEAR 1.3.6

1.3.6

PHP PEAR 1.4.0

1.4.0

PHP PEAR 1.4.0RC1

1.4.0

PHP PEAR 1.4.0RC2

1.4.0

PHP PEAR 1.4.1

1.4.1

PHP PEAR

References

http://pear.php.net/advisory-20051104.txt

Patch, Vendor Advisory

17563

Patch, Vendor Advisory

1015161

Patch

ADV-2005-2444

Vendor Advisory

pear-installer-code-execution(23021)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.