NuytsTech Security

CVE-2008-5658

by ·

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Date published : 2008-12-17

http://www.securityfocus.com/bid/32625

http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html

Tags: