Description
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
Remediation
References
Related Vulnerabilities
Moodle Missing Authorization Vulnerability (CVE-2019-10187)
WordPress Plugin Count per Day Multiple Vulnerabilities (3.5.6)
WordPress Plugin SFBrowser 'sfbrowser.php' Arbitrary File Upload (1.4.5)
Oracle JRE CVE-2013-0446 Vulnerability (CVE-2013-0446)
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8864)