A vulnerability in PHP could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.
The vulnerability is related to VCWD_RENAME() and is due to improper file handling by the affected software when performing file rename operations across devices. An attacker could exploit this vulnerability by accessing a file during a rename operation by the new file name prior to the completion of the rename operation. A successful exploit could allow the attacker to access sensitive, file-based, information and use the information to launch additional attacks.
The PHP Project has confirmed the vulnerability and released software updates.
Security Impact Rating: High