Description

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

Remediation

References

CVE-2014-5459

Related Vulnerabilities

WebLogic CVE-2022-21361 Vulnerability (CVE-2022-21361)

WordPress Plugin Votecount for Balatarin Cross-Site Scripting (0.1.1)

Oracle JRE CVE-2014-2421 Vulnerability (CVE-2014-2421)

WordPress Plugin Contact Form 7 Integrations Multiple Cross-Site Scripting Vulnerabilities (1.3.10)

MySQL CVE-2020-2768 Vulnerability (CVE-2020-2768)

Severity

Low

Classification

CVE-2014-5459 CWE-59

Tags

Missing Update Known Vulnerabilities