CVE-2009-1272

Published: Apr 8, 2009
Updated: Apr 13, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2009-1272" target="_blank" rel="noopener"> CVE-2009-1272
Severity: Medium
Exploit:

The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.