CVE-2002-0484

PHP - Unauthenticated Arbitrary File Write via move_uploaded_file

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0484. PoCs published by Tozz.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in PHP's move_uploaded_file function, allowing file uploads outside the open_basedir restriction. It provides a simple form to upload files to an arbitrary directory, bypassing intended security constraints.

Description

move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tozz · phplocalphp
https://www.exploit-db.com/exploits/21347

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: PHP (versions affected by CVE-2002-0484)
No auth needed
Prerequisites: PHP installation vulnerable to CVE-2002-0484 · Ability to upload files via a web form
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/262999
Various Sources x_refsource_confirm
http://bugs.php.net/bug.php?id=16128
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8591.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4325
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101683938806677&w=2
Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/263259

Scores

EPSS 0.0950
EPSS Percentile 94.8%

Details

Status published
Products (30)
php/php 3.0
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
php/php 3.0.7
php/php 3.0.8
php/php 3.0.9
... and 20 more
Published Aug 12, 2002
Tracked Since Feb 18, 2026