CVE-2020-28949

Related Files

Red Hat Security Advisory 2022-7340-01

Posted Nov 3, 2022

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7340-01 - The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, php, vulnerability

systems | linux, redhat

advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193

SHA-256 | a7fa9058c1eedb244721abe0a8c951c08858548c0d0aa8043efb04595a1418a9

Download | Favorite | View

Red Hat Security Advisory 2022-6541-01

Posted Sep 19, 2022

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6541-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, web, php, vulnerability

systems | linux, redhat

advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193

SHA-256 | 31e06af192874dd30d3a85b7cb09c29d3a3dcfb884ab079d8e1ed05690b96675

Download | Favorite | View

Red Hat Security Advisory 2022-6542-01

Posted Sep 15, 2022

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6542-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

tags | advisory, web, php, vulnerability

systems | linux, redhat

advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193

SHA-256 | 68bf1d235da93117cff40ab6ea814ef4085f0dc2038277e7f4087fb2b57977d3

Download | Favorite | View

Gentoo Linux Security Advisory 202101-23

Posted Jan 26, 2021

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-23 - Multiple vulnerabilities have been found in PEAR Archive_Tar, the worst of which could result in the arbitrary execution of code. Versions prior to 1.4.12 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2020-28948, CVE-2020-28949, CVE-2020-36193

SHA-256 | 23c60404ece473e34d6e965ed7a8107728f79654767a5fd6af210fcf4330db3f

Download | Favorite | View

PEAR Archive_Tar Arbitrary File Write

Posted Jan 25, 2021

Authored by gwillcox-r7, xorathustra | Site metasploit.com

This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.

tags | exploit, arbitrary, php

advisories | CVE-2020-28949

SHA-256 | 1019e130477e9832a8566af946e7e3daa33b70f86ad034baced9732c7dae0aa5

Download | Favorite | View

Debian Security Advisory 4817-1

Posted Dec 28, 2020

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4817-1 - Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files.

tags | advisory, remote, arbitrary, php, vulnerability

systems | linux, debian

advisories | CVE-2020-28948, CVE-2020-28949

SHA-256 | 55d35347b0095ee7302f943e512c864a3ce5dbf064f74322a52bab2f3e2a85eb

Download | Favorite | View