1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 6:30 pm Apr 27, 2026

Forum Moderators: coopster

Message Too Old, No Replies

PHP PEAR package manager compromised

         

brotherhood of LAN

9:37 pm on Jan 25, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised.


[thehackernews.com...]

robzilla

9:59 pm on Jan 25, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yikes. To clarify:
"Also note that this does *not* affect the PEAR installer package itself... it affects the go-pear.phar executable that you would use to initially install the PEAR installer. Using the 'pear' command to install various PEAR package is *not* affected."

whitespace

10:06 pm on Jan 26, 2019 (gmt 0)

10+ Year Member Top Contributors Of The Month



A possible respite...

UPDATE — The PEAR team has published more details about the recent security incident, explaining the tainted "go-pear.phar" found on its server appeared to be planted after the last official file release on 20 December 2018.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 6:30 pm Apr 27, 2026