### Vulnerability Summary

A path traversal vulnerability exists in the `emu2nZip()` function (located at `src/class/emu2n.php`, line 783). The function does not validate ZIP entry names when extracting ZIP archives. An attacker can upload a malicious ZIP file whose entry names contain `../` sequences, allowing arbitrary file writes to any location on the server filesystem, including PHP files, leading to Remote Code Execution (RCE).

### Affected Versions

- **Plugin**: emu2nZip
- **Vulnerable Version**: 2.6.2
- **Patched Version**: None (No official fix available)

### Remediation

No official patch is currently available. The recommended fix is to validate ZIP entry names before extraction, rejecting any paths containing `..`.

### Related Code

**Vulnerable Code:**

```php
// The entry name is appended to the temp directory path without validation
if (true == @copy($tempDir.$name,$to)) {
    $zip->close();
    return $z;
}
```

**Suggested Fix:**

```php
// Validate each ZIP entry name, rejecting paths containing ..
for ($i = 0; $i < $zip->numFiles; $i++) {
    // getNameIndex() is the ZipArchive method that returns the entry name at index $i
    $name = $zip->getNameIndex($i);
    if (strpos($name, '..') !== false) {
        return -1;
    }
}
```
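
A stricter form of the entry-name check described under Remediation, added here as an example and not taken from the plugin's code. It goes beyond the `..` substring test by also rejecting absolute paths, drive-letter prefixes and backslash separators, and it matches `..` only as a whole path segment. The helper names `isSafeEntryName()` and `safeExtract()` are hypothetical, and the sample names are constructed.

```php
<?php
// Added example: validate ZIP entry names before anything is written to disk.
// isSafeEntryName() and safeExtract() are hypothetical helper names.

function isSafeEntryName(string $name): bool
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    // Treat backslashes as separators so "..\" is caught as well.
    $normalized = str_replace('\\', '/', $name);
    // Reject absolute paths and drive-letter prefixes such as "C:/".
    if ($normalized[0] === '/' || preg_match('/^[A-Za-z]:/', $normalized)) {
        return false;
    }
    // Reject ".." only as a full path segment; "notes..txt" stays valid.
    foreach (explode('/', $normalized) as $segment) {
        if ($segment === '..') {
            return false;
        }
    }
    return true;
}

function safeExtract(string $zipFile, string $destDir): bool
{
    $zip = new ZipArchive();
    if ($zip->open($zipFile) !== true) {
        return false;
    }
    // Check every entry first so nothing is extracted if any name is unsafe.
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || !isSafeEntryName($name)) {
            $zip->close();
            return false;
        }
    }
    $ok = $zip->extractTo($destDir);
    $zip->close();
    return $ok;
}

// Constructed sample names, not taken from a real archive.
foreach (['plugin/main.php', 'notes..txt', '../x.php', 'a/../../x', '/etc/x', 'C:\\x', '..\\x'] as $n) {
    printf("%-16s %s\n", $n, isSafeEntryName($n) ? 'accept' : 'reject');
}
```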