diff --git a/NEWS b/NEWS
index 4318d871d9d..bac82772401 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,10 @@ PHP                                                                        NEWS
 - PGSQL:
   . Fixed parameter parsing of pg_lo_export(). (kocsismate)
 
+- Standard:
+  . Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for
+    source file). (ilutov)
+
 11 May 2023, PHP 8.1.19
 
 - Core:
diff --git a/Zend/tests/gh11138.phpt b/Zend/tests/gh11138.phpt
new file mode 100644
index 00000000000..fcd5cd11cfb
--- /dev/null
+++ b/Zend/tests/gh11138.phpt
@@ -0,0 +1,28 @@
+--TEST--
+move_uploaded_file() emits open_basedir warning for source file
+--POST_RAW--
+Content-type: multipart/form-data, boundary=AaB03x
+
+--AaB03x
+content-disposition: form-data; name="file"; filename="file.txt"
+Content-Type: text/plain
+
+foo
+--AaB03x--
+--FILE--
+<?php
+
+ini_set('open_basedir', __DIR__);
+
+$destination = __DIR__ . '/gh11138.tmp';
+var_dump(move_uploaded_file($_FILES['file']['tmp_name'], $destination));
+echo file_get_contents($destination), "\n";
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/gh11138.tmp');
+?>
+--EXPECT--
+bool(true)
+foo
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 548bcc7a37c..d51a584ed9c 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1669,8 +1669,9 @@ PHPAPI int php_copy_file_ctx(const char *src, const char *dest, int src_flg, php
 	php_stream *srcstream = NULL, *deststream = NULL;
 	int ret = FAILURE;
 	php_stream_statbuf src_s, dest_s;
+	int src_stat_flags = (src_flg & STREAM_DISABLE_OPEN_BASEDIR) ? PHP_STREAM_URL_STAT_IGNORE_OPEN_BASEDIR : 0;
 
-	switch (php_stream_stat_path_ex(src, 0, &src_s, ctx)) {
+	switch (php_stream_stat_path_ex(src, src_stat_flags, &src_s, ctx)) {
 		case -1:
 			/* non-statable stream */
 			goto safe_to_copy;