PT-2008-6711 · Php+1 · Php+1

Published

2008-12-17

·

Updated

2018-10-11

·

CVE-2008-5658

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.7
Description A directory traversal issue exists in the ZipArchive::extractTo function, allowing attackers to write arbitrary files via a ZIP file with a file name containing .. (dot dot) sequences.
Recommendations For PHP versions prior to 5.2.7, update to a version newer than 5.2.6 to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-5658
DSA-1789-1
DTSA-188-1
HPSBUX02431
HPSBUX02465
RHSA-2009:0350

Affected Products

Hp-Ux
Php