Description
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2019-2962 Vulnerability (CVE-2019-2962)
Oracle Database Server Other Vulnerability (CVE-2005-0701)
PHP Other Vulnerability (CVE-1999-0058)
WordPress Plugin Wrapper Link Elementor Malicious Code (1.0.3)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.10)