Описание
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | zip not present in 5.1 |
| devel | not-affected | 5.2.6.dfsg.1-3ubuntu2 |
| gutsy | released | 5.2.3-1ubuntu6.5 |
| hardy | released | 5.2.4-2ubuntu5.5 |
| intrepid | released | 5.2.6-2ubuntu4.1 |
| upstream | released | 5.2.7 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Directory traversal vulnerability in the ZipArchive::extractTo functio ...
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
EPSS
7.5 High
CVSS2