Description

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Remediation

References

CVE-2018-12015

Related Vulnerabilities

WordPress Plugin Chamber Dashboard Business Directory Cross-Site Scripting (3.2.8)

WordPress Plugin Code Insert Manager (Q2W3 Inc Manager) ZeroClipboard Cross-Site Scripting (2.3.1)

WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Scripting (3.1.23)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2005-0211)

Internet Information Services Other Vulnerability (CVE-2000-0071)

Severity

High

Classification

CVE-2018-12015 CWE-59 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities