Plateforme
php
Composant
php
Corrigé dans
7.3.31
7.4.24
8.0.11
CVE-2021-21706 is a directory traversal vulnerability affecting PHP versions 7.3.x, 7.4.x, and 8.0.x running on Microsoft Windows. This flaw allows an attacker to potentially write files outside the intended target directory when extracting a specially crafted ZIP archive. The vulnerability impacts versions 7.3.x before 7.3.31, 7.4.x before 7.4.24, and 8.0.x before 8.0.11. A fix is available in PHP 8.0.11.
An attacker can exploit this vulnerability by crafting a malicious ZIP file designed to extract files outside the intended directory. On a Windows system, this could allow them to overwrite critical system files or create files in sensitive locations, potentially leading to privilege escalation or denial of service. The impact is amplified if the PHP process is running with elevated privileges. While the vulnerability is limited to Windows environments, many web servers rely on PHP, making it a widespread concern. Successful exploitation requires the attacker to be able to upload or otherwise provide a ZIP file to the PHP application.
CVE-2021-21706 was publicly disclosed on October 4, 2021. There is no indication of active exploitation at this time, but the availability of a public CVE and the relatively simple nature of the exploit make it a potential target. The EPSS score is likely low to medium, reflecting the need for attacker interaction and the Windows-specific nature of the vulnerability. No KEV listing as of this writing.
Web applications using PHP versions 7.3.x, 7.4.x, and 8.0.x on Microsoft Windows are at risk. Shared hosting environments where users can upload files are particularly vulnerable, as are applications that process user-supplied ZIP files without proper validation. Legacy systems running older PHP versions are also at increased risk.
• windows / server:
Get-WinEvent -LogName Application -Filter "EventID=1001 and Message contains 'ZipArchive::extractTo'"• generic web:
curl -I <target_url>/path/to/php_script.php?file=malicious.zip | grep 'Content-Type: application/zip'disclosure
Statut de l'Exploit
EPSS
0.53% (percentile 67%)
Vecteur CVSS
The primary mitigation for CVE-2021-21706 is to upgrade to PHP version 8.0.11 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict file uploads to trusted sources and validate ZIP file contents before extraction. Implement strict directory permissions to limit the impact of potential file overwrites. Web Application Firewalls (WAFs) can be configured to detect and block suspicious ZIP file uploads. Monitor PHP error logs for any unusual file creation or modification activity.
Actualice a PHP versión 7.3.31, 7.4.24 o 8.0.11 o superior. Esto corrige la vulnerabilidad que permite la extracción de archivos fuera del directorio de destino en entornos Windows.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2021-21706 is a directory traversal vulnerability in PHP versions 7.3.x, 7.4.x, and 8.0.x on Windows. It allows attackers to potentially write files outside the intended directory when extracting malicious ZIP files.
You are affected if you are running PHP 7.3.x before 7.3.31, 7.4.x before 7.4.24, or 8.0.x before 8.0.11 on a Microsoft Windows system.
Upgrade to PHP version 8.0.11 or later. As a temporary workaround, restrict file uploads and validate ZIP file contents before extraction.
There is no current evidence of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the official PHP security advisory: https://www.php.net/security/advisory/2.0/php-8.0-21706
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.