CVE-2021-21706

Published: 04/10/2021 Updated: 03/11/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A security issue has been found in PHP on Windows prior to 8.0.11 and 7.4.24. It is possible to construct ZIP archives containing files which are placed outside the destination directory given to ZipArchive::extractTo() because the implementation of php_zip_make_relative_path() doesn't properly cater to absolute directories on Windows; a path starting with a slash is not an absolute path on Windows, but rather a relative path pointing to the current volume.

Vulnerable Product

php php

Vendor Advisories

A security issue has been found in PHP on Windows before versions 8.0.11 and 7.4.24. It is possible to construct ZIP archives containing files which are placed outside the destination directory given to ZipArchive::extractTo() because the implementation of php_zip_make_relative_path() doesn't properly cater to absolute directories on Windows; a pat ...
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...