Описание
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 5.6.11+dfsg-1ubuntu3 |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.13 |
| precise | released | 5.3.10-1ubuntu3.20 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.13 |
| trusty/esm | not-affected | 5.5.9+dfsg-1ubuntu4.13 |
| upstream | released | 5.6.12+dfsg-1 |
| vivid | released | 5.6.4+dfsg-4ubuntu6.3 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Directory traversal vulnerability in the PharData class in PHP before ...
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Уязвимость интерпретатора PHP, позволяющая нарушителю изменять произвольные файлы
EPSS
5 Medium
CVSS2
7.5 High
CVSS3