CVE-2021-21706

MEDIUM Year: 2021
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-24
View all →

Vulnerability Description

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.

Related Vulnerabilities

CVE-2020-8567

MEDIUM
CVSS:6.5(Medium)

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass o...

CWE-242020

CVE-2022-20656

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To ex...

CWE-242022

CVE-2023-3240

MEDIUM
CVSS:6.5(Medium)

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the arg...

CWE-242023

CVE-2023-7040

MEDIUM
CVSS:6.5(Medium)

A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The mani...

CWE-242023

CVE-2024-6786

MEDIUM
CVSS:6.5(Medium)

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of se...

CWE-242024

CVE-2025-27920

MEDIUM
CVSS:6.5(Medium)

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside ...

CWE-242025