Description
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2001-0730)
Oracle Database Server CVE-2014-0378 Vulnerability (CVE-2014-0378)
WordPress Plugin Student Result or Employee Database Security Bypass (1.6.3)
MySQL CVE-2021-2169 Vulnerability (CVE-2021-2169)
WordPress Plugin Patreon WordPress Multiple Cross-Site Scripting Vulnerabilities (1.7.1)