Published: 12/08/2002 Updated: 18/10/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote malicious users to upload files to unintended locations on the system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 3.0.11
php php 3.0.12
php php 3.0.3
php php 3.0.4
php php 4.0.1
php php 4.0.6
php php 4.0.7
php php 3.0.1
php php 3.0.10
php php 3.0.17
php php 3.0.18
php php 3.0.2
php php 3.0.9
php php 4.0
php php 4.0.4
php php 4.0.5
php php 4.1.2
php php 3.0
php php 3.0.15
php php 3.0.16
php php 3.0.7
php php 3.0.8
php php 4.0.3
php php 4.1.0
php php 4.1.1
php php 3.0.13
php php 3.0.14
php php 3.0.5
php php 3.0.6
php php 4.0.2

source: wwwsecurityfocuscom/bid/4325/info PHP is a server side scripting language, designed to be embedded within HTML files It is available for Windows, Linux, and many Unix based operating systems It is commonly used for web development, and is very widely deployed It has been reported that the move_uploaded_file function lacks an o ...

NVD-CWE-Other http://online.securityfocus.com/archive/1/263259 http://online.securityfocus.com/archive/1/262999 http://bugs.php.net/bug.php?id=16128 http://www.iss.net/security_center/static/8591.php http://www.securityfocus.com/bid/4325 http://marc.info/?l=bugtraq&m=101683938806677&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/21347/

CVE-2002-0484

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect