vulnerability
PHP Vulnerability: CVE-2015-6833
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Jan 19, 2016 | Feb 1, 2016 | Aug 11, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Jan 19, 2016
Added
Feb 1, 2016
Modified
Aug 11, 2025
Description
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Solutions
php-upgrade-5_4_44php-upgrade-5_5_28php-upgrade-5_6_12
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.