Perl Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12015)

Description

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Remediation

References

CVE-2018-12015

Related Vulnerabilities

phpMyFAQ Other Vulnerability (CVE-2004-2257)

ProjectSend Improper Privilege Management Vulnerability (CVE-2020-28874)

WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4)

phpList Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-22249)

SugarCRM Missing Authorization Vulnerability (CVE-2020-7472)

Severity

High

Classification

CVE-2018-12015 CWE-59 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N