Vulnerabilities
By Date By Type Known Exploited Assigners CVSS Scores EPSS Scores Search
Vulnerable Software
Vendors Products Version Search
Metasploit Modules CWE Definitions
Articles Blog

PHP » PHP : Security Vulnerabilities Published In 2016 (Directory traversal)

Published in:
2016 January   February   March   April   May   June   July   August   September   October   November   December  
CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9
In CISA KEV Catalog
Copy

CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Max Base Score
7.5
Published 2016-01-19
Updated 2017-11-04
EPSS 0.89%

CVE-2014-9767

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.
Max Base Score
4.3
Published 2016-05-22
Updated 2018-01-05
EPSS 1.13%
2 vulnerabilities found
This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close