Main Vulnerability Database SB2019012102

SB2019012102 - Backdoor in PHP PEAR

Published: January 21, 2019

Security Bulletin ID SB2019012102

Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Backdoor (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the affected system.

The issue exists within the PHP PEAR software, downloaded from the official repository within the last 6 month. Unknown attackers compromised the official repository and implanted malicious code into it.

If you have updated your PEAR installation within the last 6 month, most likely your server is compromised.

Remediation

Install update from vendor's website.

References

http://blog.pear.php.net/2018/12/20/security-vulnerability-announcement-archive_tar/