Description
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.
Remediation
References
Related Vulnerabilities
WordPress Plugin Flexible Custom Post Type Cross-Site Scripting (0.1.5)
WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)
Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2009-3555)
WordPress Plugin ImageLinks Interactive Image Builder for WordPress Cross-Site Scripting (1.5.2)