CVE-2021-21706
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PHP Group | PHP | 7.3.x < 7.3.31 | affected |
| PHP Group | PHP | 7.4.x < 7.4.24 | affected |
| PHP Group | PHP | 8.0.X < 8.0.11 | affected |
Weaknesses
- CWE-24: CWE-24 Path Traversal: '../filedir'
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.