Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2006-2825
HistoryJun 05, 2006 - 5:02 p.m.

CVE-2006-2825

2006-06-0517:02:00
[email protected]
web.nvd.nist.gov
16
cpanel
php
open_basedir
security
server
virtual hosts
nvd
vulnerability

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.7%

JSON

cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user’s own open_basedir directive, but not the main server’s open_basedir directive.

Affected configurations

NVD
Node
cpanelcpanel
CPENameOperatorVersion
cpanel:cpanelcpaneleq*

Related

nvd 1
ubuntucve 1
prion 1
cvelist 1
nvd
nvd
CVE-2006-2825
2006-06-05 17:02:00
ubuntucve
ubuntucve
CVE-2006-2825
2006-06-05 00:00:00
prion
prion
Design/Logic Flaw
2006-06-05 17:02:00
cvelist
cvelist
CVE-2006-2825
2006-06-05 17:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.7%

JSON
Related for CVE-2006-2825
nvd1ubuntucve1prion1cvelist1