CVE-2006-2825 - Unspecified vulnerability in Cpanel
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html
- http://osvdb.org/31835
- http://securityreason.com/securityalert/1039
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26613