Description
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Download Manager Directory Traversal (3.2.54)
WordPress Plugin Image News slider 'upload.php' Arbitrary File Upload (3.3)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.42)
WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1)
WordPress Plugin WP Construction Mode Cross-Site Request Forgery (1.8)