#VU56905 Absolute Path Traversal in PHP - CVE-2021-21706
Published: September 29, 2021 / Updated: September 30, 2021
Vulnerability identifier: #VU56905
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-21706
CWE-ID: CWE-36
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PHP
PHP
Software vendor:
PHP Group
PHP Group
Description
The vulnerability allows a remote attacker overwrite files on the system.
The vulnerability exists due to insufficient filtration of file names in the php_zip_make_relative_path() function on Windows systems. A remote attacker can construct a specially crafted ZIP archive, which once extracted by the ZipArchive::extractTo() function, can overwrite files outside of the destination directory.
Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the system with privileges of the web server, but requires that the web application is running on Windows.
Remediation
Install updates from vendor's website.