Old Pear PHP Repository Vulnerability Could Have Enabled Supply Chain Attacks
15-year old bugs in Pear PHP repository that could enable supply chain attacks with remote code exeuction has been disclosed. According to SonarSource vulnerability researcher Thomas Chauchefoin, "an attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker to gain persistent access to the central PEAR server." Read more...