CVE-2008-5658

2008-12-17T15:30:01
ID CVE-2008-5658
Type cve
Reporter NVD
Modified 2017-08-07T21:33:27

Description

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.