pear-PEAR -- PEAR installer arbitrary code execution vulnerability
Gregory Beaver reports:
A standard feature of the PEAR installer implemented in
all versions of PEAR can lead to the execution of
arbitrary PHP code upon running the "pear" command
or loading the Web/Gtk frontend.
To be vulnerable, a user must explicitly install a
publicly released malicious package using the PEAR
installer, or explicitly install a package that depends on
a malicious package.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright