PHP » PHP : Security Vulnerabilities Published In 2008 (Directory traversal)

CVE-2008-5658

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Max Base Score
7.5
Published
2008-12-17
Updated
2018-10-11
EPSS
0.80%

CVE-2008-2666

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.
Max Base Score
5.0
Published
2008-06-20
Updated
2018-10-11
EPSS
0.50%

CVE-2008-2665

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.
Max Base Score
5.0
Published
2008-06-20
Updated
2018-10-11
EPSS
0.46%
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close