Description
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
Remediation
References
Related Vulnerabilities
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3045)
PHP CVE-2009-3293 Vulnerability (CVE-2009-3293)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1834)
Zope Web Application Server Resource Management Errors Vulnerability (CVE-2008-5102)
WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)