Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0484

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0484
Last Modified 05 Sep 2008 04:28:08
Published 12 Aug 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0484

Summary

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

Vulnerable Systems

Application

  • Php 3.0

  • Php 3.0.1

  • Php 3.0.10

  • Php 3.0.11

  • Php 3.0.12

  • Php 3.0.13

  • Php 3.0.14

  • Php 3.0.15

  • Php 3.0.16

  • Php 3.0.17

  • Php 3.0.18

  • Php 3.0.2

  • Php 3.0.3

  • Php 3.0.4

  • Php 3.0.5

  • Php 3.0.6

  • Php 3.0.7

  • Php 3.0.8

  • Php 3.0.9

  • Php 4.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2


References

BUGTRAQ - 20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP

BUGTRAQ - 20020317 move_uploaded_file breaks safe_mode restrictions in PHP

CONFIRM - http://bugs.php.net/bug.php?id=16128

BID - 4325

XF - php-moveuploadedfile-create-files(8591)

BUGTRAQ - 20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP


Last Updated: 27 May 2016 10:36:56