← back
CVE-2017-5630

CVE-2017-5630

EPSS 12.5%
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/41185/unverifiedexploitdbwww.exploit-db.com/exploits/41185unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://pear.php.net/bugs/bug.php?id=21171https://www.exploit-db.com/exploits/41185/http://www.securityfocus.com/bid/95882