
PHP ZipArchive::extractTo() Function .zip File Directory Traversal Vulnerability

PHP is prone to a directory-traversal vulnerability because the ZipArchive::extractTo() function fails to adequately sanitize user-supplied input.

A successful attack may allow an attacker to create or overwrite arbitrary files on the system. This may allow arbitrary script code to run in the context of the webserver.

PHP 5.2.6 and prior versions are vulnerable.

Example entry name inside a .zip file:

../../../../../../../../../../../var/www/wr_dir/evil.php
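
One way for calling code to guard against this class of issue, shown as an added example that is not part of the original advisory: check every entry name in the archive and pass only the vetted names to ZipArchive::extractTo(). The helper names isSafeEntryName() and extractValidated() are hypothetical, and the code assumes PHP 7 or later syntax.

```php
<?php
// Added example, not code from the advisory. Helper names are hypothetical.

function isSafeEntryName(string $name): bool
{
    // Reject empty names and embedded NUL bytes.
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    $normalized = str_replace('\\', '/', $name);
    // Reject absolute paths and Windows drive prefixes such as "C:".
    if ($normalized[0] === '/' || preg_match('/^[A-Za-z]:/', $normalized)) {
        return false;
    }
    // Reject any ".." segment, which would climb out of the destination.
    return !in_array('..', explode('/', $normalized), true);
}

function extractValidated(string $zipPath, string $destination): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    $safe = [];
    $rejected = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name !== false && isSafeEntryName($name)) {
            $safe[] = $name;
        } else {
            $rejected[] = $name;
        }
    }
    // Extract only vetted entries; skip the call when none passed.
    $ok = $safe === [] || $zip->extractTo($destination, $safe);
    $zip->close();
    if (!$ok) {
        throw new RuntimeException("extraction failed: $zipPath");
    }
    return ['extracted' => $safe, 'rejected' => $rejected];
}

// Constructed sample names; the second is the entry name shown in the advisory.
$samples = ['docs/readme.txt', '../../../../../../../../../../../var/www/wr_dir/evil.php'];
foreach ($samples as $s) {
    echo $s, ' => ', isSafeEntryName($s) ? 'accept' : 'reject', PHP_EOL;
}
```

A stricter policy is to refuse the whole archive whenever the rejected list is non-empty, and to log the rejected names for review.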