
10 matches found

BDU FSTEC
added 2022/04/27 12:0 a.m., 5 views

A vulnerability in the PHP `ZipArchive::extractTo` function stems from insufficient restriction of path names, allowing attackers to create arbitrary directories.

The vulnerability in the PHP `ZipArchive::extractTo` function is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to create arbitrary directories remotely...

CVSS 4.3, AI score 6.8, EPSS 0.04542
Exploits: 1, References: 15, Affected Software: 3
BDU FSTEC
added 2021/12/17 12:0 a.m., 4 views

A vulnerability in the ZipArchive::extractTo function in the PHP interpreter allows an attacker to create or overwrite files.

The vulnerability in the ZipArchive::extractTo function in the PHP interpreter exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to create or overwrite files remotely...

CVSS 7.1, AI score 6.8, EPSS 0.01337
Exploits: 0, References: 7, Affected Software: 2
Tenable Nessus
added 2021/10/28 12:0 a.m., 293 views

PHP 7.4.x < 7.4.24 Arbitrary File Write

The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...

CVSS 6.5, AI score 7, EPSS 0.01337
Exploits: 0, References: 3
Tenable Nessus
added 2021/10/28 12:0 a.m., 186 views

PHP 7.3.x < 7.3.31 Arbitrary File Write

The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a vulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...

CVSS 6.5, AI score 7, EPSS 0.01337
Exploits: 0, References: 3
UbuntuCve
added 2021/10/04 4:15 a.m., 36 views

CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

CVSS 6.5, AI score 6.7, EPSS 0.01337
Exploits: 0, References: 2
Prion
added 2021/10/04 4:15 a.m., 55 views

Design/Logic Flaw

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

CVSS 4.3, AI score 6.2, EPSS 0.01337
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/10/04 4:0 a.m., 36 views

CVE-2021-21706 ZipArchive::extractTo may extract outside of destination dir

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

CVSS 5.3, AI score 6.8, EPSS 0.01337
Exploits: 0, References: 2
Tenable Nessus
added 2019/03/01 12:0 a.m., 364 views

PHP 7.0.x < 7.0.0 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.x prior to 7.0.0. It is, therefore, affected by the following vulnerabilities: - A directory traversal vulnerability in the ZipArchive::extractTo function of ext/zip/phpzip.c script. An unauthenticated, remote...

CVSS 7.5, AI score 7, EPSS 0.08276
Exploits: 3, References: 5
UbuntuCve
added 2014/12/31 12:0 a.m., 33 views

CVE-2014-9767

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

CVSS 4.3, AI score 6.9, EPSS 0.04542
Exploits: 1, References: 2
Packet Storm
added 2008/12/04 12:0 a.m., 20 views

SE-2008-06.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP ZipArchive::extractTo Directory Traversal Vulnerability Release Date: 2008/12/04 Last Modified: 2008/12/04 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 5 =...

AI score 7.4
Exploits: 0