CVE-2002-0484

PHP - Path Traversal

Title source: llm

Description

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tozz · phplocalphp

https://www.exploit-db.com/exploits/21347

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://online.securityfocus.com/archive/1/262999

[Various Sources] http://bugs.php.net/bug.php?id=16128

[Third Party Advisory] http://www.iss.net/security_center/static/8591.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4325

[Mailing List] http://marc.info/?l=bugtraq&m=101683938806677&w=2

[Vendor Advisory] http://online.securityfocus.com/archive/1/263259

Scores

EPSS 0.0559

EPSS Percentile 90.3%

Details

Status published

Products (30)

php/php 3.0

php/php 3.0.1

php/php 3.0.2

php/php 3.0.3

php/php 3.0.4

php/php 3.0.5

php/php 3.0.6

php/php 3.0.7

php/php 3.0.8

php/php 3.0.9

... and 20 more

Published Aug 12, 2002

Tracked Since Feb 18, 2026