Description

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Remediation

References

CVE-2008-5658

Related Vulnerabilities

MySQL CVE-2017-10276 Vulnerability (CVE-2017-10276)

MediaWiki Improper Authentication Vulnerability (CVE-2018-0505)

WordPress Plugin Form Builder CP Cross-Site Scripting (1.2.31)

Oracle Database Server CVE-2009-1020 Vulnerability (CVE-2009-1020)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35986)

Severity

High

Classification

CVE-2008-5658 CWE-22

Tags

Missing Update Known Vulnerabilities