Description

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

Remediation

References

CVE-2002-0484

Related Vulnerabilities

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Arbitrary File Upload (1.2.5)

WordPress Other Vulnerability (CVE-2004-1559)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2011-1928)

WordPress Plugin VideoWhisper Video Conference Integration Arbitrary File Upload (4.91.8)

WordPress Plugin Smart Slider 3 PRO Cross-Site Scripting (3.5.0.8)

Severity

Medium

Classification

CVE-2002-0484

Tags

Missing Update Known Vulnerabilities