CVE-2020-7664
The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
Source: CVE-2020-7664
CVE-2020-7664
The ExtractTo function doesn’t securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.
Source: CVE-2020-7664