diff --git a/modules/cms/widgets/AssetList.php b/modules/cms/widgets/AssetList.php
index 0fcd63c73..3dda5d1b3 100644
--- a/modules/cms/widgets/AssetList.php
+++ b/modules/cms/widgets/AssetList.php
@@ -333,13 +333,20 @@ class AssetList extends WidgetBase
 $basename = basename($path);
 $originalFullPath = $this->getFullPath($path);
- $newFullPath = rtrim($destinationFullPath, '/').'/'.$basename;
+ $newFullPath = realpath(rtrim($destinationFullPath, '/')) . '/' . $basename;
 $safeDir = $this->getAssetsPath();
 if ($originalFullPath == $newFullPath) {
 continue;
 }
+ if (!starts_with($newFullPath, $safeDir)) {
+ throw new ApplicationException(Lang::get(
+ 'cms::lang.asset.error_moving_file',
+ ['file' => $basename]
+ ));
+ }
+
 if (is_file($originalFullPath)) {
 if (!@File::move($originalFullPath, $newFullPath)) {
 throw new ApplicationException(Lang::get(
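Review bot: The new prefix check compares `$newFullPath` against `$safeDir` without a trailing separator, so a destination whose resolved path merely begins with the assets path (a sibling directory such as `…/assets-old`) still passes, and `$safeDir` is not normalised with realpath() the way `$newFullPath` now is, so a symlinked or non-canonical assets directory makes the comparison fail or succeed for the wrong reason. Normalise both sides and anchor the prefix on a separator: `$safeDir = rtrim(realpath($this->getAssetsPath()), '/') . '/';` followed by the existing `if (!starts_with($newFullPath, $safeDir)) {`. realpath() also returns false for a destination that does not exist, which collapses `$newFullPath` to `'/' . $basename`; that fails closed through the same check, but testing the realpath() result for `=== false` explicitly (and reporting it as an invalid path rather than a move failure) makes the intent clear to the next reader. Whether the `$path` validation earlier in this method excludes `.`/`..` so that basename() cannot yield `..` is not visible in the hunk; if it does not, the prefix check on the still-unresolved `$newFullPath` would accept a `..` basename. The enclosing loop and method start and end outside the hunk.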