Vulnerability identifier: #VU23915
Vulnerability risk: High
Exploitation vector: Network
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to zipfileUpdate in "ext/misc/zipfile.c" mishandles a NULL pathname during an update of a ZIP archive. A remote attacker can upload and execute arbitrary file on the server.
Install updates from vendor's website.
Vulnerable software versions
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?