CVE-2008-5658
CVE-2008-5658
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://marc.info/?l=bugtraq&m=124654546101607&w=2http://marc.info/?l=bugtraq&m=125631037611762&w=2http://osvdb.org/50480http://secunia.com/advisories/35003http://secunia.com/advisories/35306http://secunia.com/advisories/35650https://exchange.xforce.ibmcloud.com/vulnerabilities/47079https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.htmlhttp://wiki.rpath.com/Advisories:rPSA-2009-0035