In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
Source: PHP Group
Max CVSS
6.5
EPSS Score
0.09%
Published
2021-10-04
Updated
2021-11-03
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
Source: MITRE
Max CVSS
7.0
EPSS Score
0.05%
Published
2017-05-18
Updated
2017-05-31
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Source: SUSE
Max CVSS
7.5
EPSS Score
0.60%
Published
2016-01-19
Updated
2017-11-04
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.
Source: MITRE
Max CVSS
4.3
EPSS Score
1.34%
Published
2016-05-22
Updated
2018-01-05
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
Source: Red Hat, Inc.
Max CVSS
5.8
EPSS Score
2.48%
Published
2012-05-24
Updated
2018-01-18
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
Source: Red Hat, Inc.
Max CVSS
6.4
EPSS Score
5.48%
Published
2011-06-16
Updated
2018-10-30
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.80%
Published
2008-12-17
Updated
2018-10-11
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.71%
Published
2008-06-20
Updated
2018-10-11
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.46%
Published
2008-06-20
Updated
2018-10-11
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.69%
Published
2007-09-12
Updated
2018-10-15
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.82%
Published
2007-09-04
Updated
2017-07-29
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.38%
Published
2007-04-30
Updated
2017-10-11
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
Source: MITRE
Max CVSS
2.6
EPSS Score
2.53%
Published
2006-04-10
Updated
2018-10-30
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Source: MITRE
Max CVSS
5.0
EPSS Score
1.96%
Published
2005-01-10
Updated
2017-07-11
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!