SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks.


According to the expert, the critical vulnerability in a central component of the PHP supply chain could have been easily exploited by low-skilled threat actors to cause significant disruption.

“An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker to gain persistent access to the central PEAR server,” reads the post published by SonarSource.
