Vigil@nce - Vigil@nce - PHP: directory escape via ZipArchive-extractTo(), analyzed on 23/09/2021
November 2021 by Vigil@nce
Vigil@nce - An attacker can escape from the working directory of PHP, via ZipArchive::extractTo(), in order to write a file outside the service root path.
Plus d'information sur : https://vigilance.fr/vulnerability/PHP-directory-escape-via-ZipArchive-extractTo-36516