Description
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Remediation
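An added example, not part of the original advisory or of PHP itself: one way for application code to vet entry names before calling ZipArchive::extractTo, so that a name containing .. components never reaches the extractor. The helper names isSafeEntryName and safeExtract are hypothetical, the sample names are constructed, and the code assumes PHP 7.1 or later with the zip extension.

```php
<?php
// Added example (hypothetical helpers): vet ZIP entry names before extraction.

/** Return true if $name cannot resolve outside the extraction directory. */
function isSafeEntryName(string $name): bool
{
    // Treat backslashes as separators so Windows-style names are caught too.
    $name = str_replace('\\', '/', $name);
    // Reject empty names, NUL bytes, absolute paths and drive letters.
    if ($name === '' || strpos($name, "\0") !== false
        || $name[0] === '/' || preg_match('/^[A-Za-z]:/', $name)) {
        return false;
    }
    // Reject any ".." path component (the dot dot sequence in the description).
    foreach (explode('/', $name) as $part) {
        if ($part === '..') {
            return false;
        }
    }
    return true;
}

/** Extract $zipPath into $destDir only if every entry name is safe. */
function safeExtract(string $zipPath, string $destDir): void
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    try {
        // Check all names first so a bad entry rejects the whole archive.
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if ($name === false || !isSafeEntryName($name)) {
                throw new RuntimeException("unsafe entry at index $i, nothing extracted");
            }
        }
        if (!$zip->extractTo($destDir)) {
            throw new RuntimeException("extraction failed");
        }
    } finally {
        $zip->close();
    }
}

// Constructed sample names, checked without needing an archive on disk.
$samples = ['docs/readme.txt', '../../outside.txt', 'a/../../b', '/abs/path', 'C:\\x', 'ok..name/file'];
foreach ($samples as $n) {
    printf("%-20s %s\n", $n, isSafeEntryName($n) ? 'accept' : 'reject');
}
```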