Description
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Remediation
References
Related Vulnerabilities
WordPress Plugin Top 10-Popular posts for WordPress Cross-Site Scripting (2.3.0)
MySQL CVE-2023-22059 Vulnerability (CVE-2023-22059)
WordPress Plugin Filter Custom Fields & Taxonomies Light Unspecified Vulnerability (1.04)
WordPress Plugin Multiple Page Generator-MPG Cross-Site Request Forgery (3.3.9)
WordPress Plugin Product Catalog Multiple Vulnerabilities (3.1.2)