Plattform
php
Komponente
php
Behoben in
7.3.31
7.4.24
8.0.11
CVE-2021-21706 is a directory traversal vulnerability affecting PHP versions 7.3.x, 7.4.x, and 8.0.x running on Microsoft Windows. This flaw allows an attacker to potentially write files outside the intended target directory when extracting a specially crafted ZIP archive. The vulnerability impacts versions 7.3.x before 7.3.31, 7.4.x before 7.4.24, and 8.0.x before 8.0.11. A fix is available in PHP 8.0.11.
An attacker can exploit CVE-2021-21706 by crafting a malicious ZIP archive containing specially named files that, when extracted using ZipArchive::extractTo(), result in files being written outside the designated target directory. This could allow an attacker to overwrite critical system files or application configuration files, potentially leading to denial of service or even arbitrary code execution, depending on the permissions of the PHP process. The vulnerability is particularly concerning in environments where PHP is used to process user-uploaded ZIP archives, as this provides a direct attack vector. The impact is limited to Windows environments.
CVE-2021-21706 was published on October 4, 2021. There are currently no publicly known active campaigns exploiting this vulnerability. No public Proof-of-Concept (POC) code has been widely released. The vulnerability's severity is rated as MEDIUM based on the CVSS score. It is not currently listed on CISA’s Known Exploited Vulnerabilities catalog (KEV).
Web applications using PHP versions 7.3.x, 7.4.x, and 8.0.x on Microsoft Windows are at risk. Shared hosting environments where users can upload files are particularly vulnerable, as are applications that process user-supplied ZIP files without proper validation. Legacy systems running older PHP versions are also at increased risk.
• windows / server:
Get-WinEvent -LogName Application -Filter "EventID=1001 and Message contains 'ZipArchive::extractTo'"• generic web:
curl -I <target_url>/path/to/php_script.php?file=malicious.zip | grep 'Content-Type: application/zip'disclosure
Exploit-Status
EPSS
0.53% (67% Perzentil)
CVSS-Vektor
The primary mitigation for CVE-2021-21706 is to upgrade to PHP version 8.0.11 or later. If upgrading is not immediately feasible, implement strict input validation to sanitize ZIP archive filenames before extraction. Consider using a more secure ZIP extraction library that provides better protection against path traversal vulnerabilities. Restrict the permissions of the PHP process to prevent it from writing to sensitive system directories. After upgrading, confirm the fix by attempting to extract a malicious ZIP archive and verifying that files are not written outside the target directory.
Actualice a PHP versión 7.3.31, 7.4.24 o 8.0.11 o superior. Esto corrige la vulnerabilidad que permite la extracción de archivos fuera del directorio de destino en entornos Windows.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2021-21706 is a directory traversal vulnerability in PHP versions 7.3.x, 7.4.x, and 8.0.x on Windows. It allows attackers to potentially write files outside the intended directory when extracting malicious ZIP files.
You are affected if you are running PHP 7.3.x before 7.3.31, 7.4.x before 7.4.24, or 8.0.x before 8.0.11 on a Microsoft Windows system.
Upgrade to PHP version 8.0.11 or later. As a temporary workaround, restrict file uploads and validate ZIP file contents before extraction.
There is no current evidence of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the official PHP security advisory: https://www.php.net/security/advisory/2.0/php-8.0-21706
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.