CVE-2007-1460

Name of the Vulnerable Software and Affected Versions PHP versions prior to 4.4.7 PHP versions 5.2.0 and 5.2.1

Description The issue concerns the zip:// URL wrapper provided by the PECL zip extension in PHP, which fails to implement safemode or open basedir checks. This allows remote attackers to read ZIP archives located outside of the intended directories.

Recommendations For PHP versions prior to 4.4.7, update to version 4.4.7 or later. For PHP versions 5.2.0 and 5.2.1, update to a version later than 5.2.1.