The vulnerability of the PHP interpreter, allowing a hacker to modify arbitrary files

The vulnerability of the PharData PHP interpreter relates to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to modify arbitrary files by adding the symbol “..” to the pathname of the ZIP archive during the extractTo operation...

UBUNTU-CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. dot dot in a ZIP archive entry that is mishandled during an extractTo call...