Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
cPanel PHP open_basedir配置指令 权限许可和访问控制漏洞
Vulnerability Description
cPanel未在共享物理目录的主服务器和虚拟主机之间自动同步PHP open_basedir配置指令,本地用户可以通过一个使用主服务器URL(如~用户名)的PHP脚本(这种URL可被用户自身的open_basedir指令阻止,但不被主服务器open_basedir指令阻止)来绕过open_basedir限制并访问其他虚拟主机。
CVSS Information
N/A
Vulnerability Type
N/A