CVE-2020-7063
Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating a PHAR archive using the PharData::buildFromIterator() function, files are added with default permissions (0666, or all access) even if the original files on the filesystem had more restrictive permissions. This may result in files having more lax permissions than intended when such an archive is extracted.
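The following check is an added example, not code from the original advisory or from the PHP project: it compares the mode bits stored in a tar archive with the modes of the source files and reports entries that gained permissions, which is what archives built by the affected versions contain. The file names, modes and helper names are constructed for illustration.

```python
import io
import stat
import tarfile


def build_tar(entries):
    """Build an in-memory tar from (name, mode, data) tuples (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, data in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def lax_entries(archive_bytes, source_modes):
    """Return (name, archived_mode, source_mode) for entries granting bits the source lacked."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for member in tar.getmembers():
            if not member.isfile() or member.name not in source_modes:
                continue
            archived = stat.S_IMODE(member.mode)
            original = stat.S_IMODE(source_modes[member.name])
            if archived & ~original:  # permission bits added by archiving
                findings.append((member.name, oct(archived), oct(original)))
    return findings


# Constructed sample: modes of the source files (in practice, os.lstat(path).st_mode).
SOURCE_MODES = {"config/secrets.ini": 0o600, "public/index.php": 0o644, "bin/run.sh": 0o755}
FILES = [(name, b"sample\n") for name in SOURCE_MODES]

# Archive as the advisory describes it: every entry stored as 0666.
AFFECTED = build_tar([(n, 0o666, d) for n, d in FILES])
# Archive that keeps the source modes.
PRESERVED = build_tar([(n, SOURCE_MODES[n], d) for n, d in FILES])

if __name__ == "__main__":
    for finding in lax_entries(AFFECTED, SOURCE_MODES):
        print("more permissive than source:", *finding)
    print("preserved archive findings:", lax_entries(PRESERVED, SOURCE_MODES))
```

Running the same comparison before an archive is published or extracted shows whether it needs to be rebuilt on a fixed PHP version or have its modes tightened after extraction.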
We have discovered 597,107 live websites that are affected by CVE-2020-7063.
Affected Software
| | |
|---|---|
| Product | PHP |
| Category | Programming Languages |
| Vulnerable Versions | from 7.2 before 7.2.28; from 7.3 before 7.3.15; from 7.4 before 7.4.3 |
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 597,107 live websites (4.94% of PHP install base) |
Common Weakness Enumeration
CWE-281 Improper Preservation of Permissions
Distribution by Website Rank
The diagram shows the correlation between the occurrence of CVE-2020-7063 and the relative popularity of websites.