PHP : Security Vulnerabilities, CVEs, (Directory traversal) CVSS score >= 7
CVE-2020-36193
Known exploited
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Max CVSS
7.5
EPSS Score
92.37%
Published
2021-01-18
Updated
2022-01-01
CISA KEV Added
2022-08-25
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
Max CVSS
7.0
EPSS Score
0.07%
Published
2017-05-18
Updated
2017-05-31
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Max CVSS
7.5
EPSS Score
0.60%
Published
2016-01-19
Updated
2017-11-04
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Max CVSS
7.5
EPSS Score
0.80%
Published
2008-12-17
Updated
2018-10-11
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
Max CVSS
7.5
EPSS Score
1.98%
Published
2007-09-12
Updated
2018-10-15
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
Max CVSS
7.5
EPSS Score
0.87%
Published
2007-09-04
Updated
2017-07-29
6 vulnerabilities found