10 matches found
The vulnerability of the `ziparchive::extractto` function in the PHP programming language lies in its lack of name-based path limitation, allowing attackers to create arbitrary directories.
The vulnerability of the ziparchive::extractto function in the PHP programming language is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker to create arbitrary directories remotely...
The vulnerability of the ZipArchive::extractTo function in the PHP interpreter allows a attacker to create or overwrite files.
The vulnerability of the ZipArchive::extractTo function in the PHP interpreter exists due to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to create or re-record files remotely...
PHP 7.4.x < 7.4.24 Arbitrary File Write
The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...
PHP 7.3.x < 7.3.31 Arbitrary File Write
The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a vulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...
CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
Design/Logic Flaw
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
PHP 7.0.x < 7.0.0 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.x prior to 7.0.0. It is, therefore, affected by the following vulnerabilities: - A directory traversal vulnerability in the ZipArchive::extractTo function of ext/zip/phpzip.c script. An unauthenticated, remote...
CVE-2014-9767
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...
SE-2008-06.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP ZipArchive::extractTo Directory Traversal Vulnerability Release Date: 2008/12/04 Last Modified: 2008/12/04 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 5 =...