Description
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
Remediation
References
Related Vulnerabilities
Handlebars Other Vulnerability (CVE-2021-23383)
e107 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-1989)
Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-32780)
phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825)