Directory traversal vulnerability in the PharData class in PHP prior to 5.4.44, 5.5.x prior to 5.5.28, and 5.6.x prior to 5.6.12 allows remote malicious users to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.6.1 |
||
php php 5.5.0 |
||
php php 5.6.0 |
||
php php 5.6.5 |
||
php php 5.5.19 |
||
php php |
||
php php 5.5.25 |
||
php php 5.5.1 |
||
php php 5.5.5 |
||
php php 5.6.4 |
||
php php 5.5.21 |
||
php php 5.6.6 |
||
php php 5.5.14 |
||
php php 5.5.7 |
||
php php 5.6.11 |
||
php php 5.6.2 |
||
php php 5.6.10 |
||
php php 5.5.12 |
||
php php 5.5.6 |
||
php php 5.6.7 |
||
php php 5.5.3 |
||
php php 5.5.23 |
||
php php 5.5.8 |
||
php php 5.5.27 |
||
php php 5.5.24 |
||
php php 5.5.11 |
||
php php 5.5.13 |
||
php php 5.5.4 |
||
php php 5.5.26 |
||
php php 5.6.9 |
||
php php 5.5.10 |
||
php php 5.6.3 |
||
php php 5.5.22 |
||
php php 5.6.8 |
||
php php 5.5.18 |
||
php php 5.5.20 |
||
php php 5.5.2 |
||
php php 5.5.9 |