Description

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Remediation

References

CVE-2008-5658

Related Vulnerabilities

WordPress Plugin BulletProof Security Cross-Site Scripting (.53.3)

Oracle Application Server Other Vulnerability (CVE-2006-5354)

Dolibarr Incorrect Authorization Vulnerability (CVE-2021-25954)

WordPress Plugin TagNinja 'id' Parameter Cross-Site Scripting (1.0)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5593)

Severity

High

Classification

CVE-2008-5658 CWE-22

Tags

Missing Update Known Vulnerabilities