CVE-2021-21706
ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
We have discovered 977,161 live websites that are affected by CVE-2021-21706.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 977,161 live websites (8.08% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-21706 and the relative popularity of websitesDetails
- Published - Sep 21, 2021
- Updated - Oct 29, 2021
Credits
- reported by vi at hackberry dot xyz
CWE
CVE References
CWE References
Countries
 United States | 361,832 websites |
 France | 251,148 websites |
 Germany | 29,791 websites |
 Russia | 27,604 websites |
 GB | 22,928 websites |
 Canada | 21,924 websites |
 Brazil | 20,498 websites |
 Poland | 18,779 websites |
 Italy | 18,429 websites |
 Spain | 18,018 websites |
TLDs
| .com | 485,716 websites |
| .fr | 111,762 websites |
| .org | 56,055 websites |
| .net | 30,811 websites |
| .ru | 22,504 websites |
| .de | 18,354 websites |
| .com.br | 16,635 websites |
| .pl | 14,409 websites |
| .be | 13,985 websites |
| .co.uk | 13,710 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2021-21706 through included software libraries and plugins.References
Websites affected by CVE-2021-21706
Top websites that are affected by CVE-2021-21706. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.pl | Poland | *,*** | |
| *******.com | Germany | *,*** | |
| ****.org | GB | *,*** | |
| ***************.org | United States | *,*** | |
| ***.ly | United States | *,*** | |
| **********.org | United States | *,*** | |
| ***.**.gov | United States | *,*** | |
| ***.**********.org | United States | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** |