VYPR
Medium severity4.3NVD Advisory· Published May 22, 2016· Updated Jun 17, 2026

CVE-2014-9767

CVE-2014-9767

Description

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

55

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.