15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
,
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code.
« An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker
« An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker
,
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code.
« An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker
« An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker
, ,
https://thehackernews.com/2022/04/15-year-old-bug-in-pear-php-repository.html