5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
30.7%
cPanel does not automatically synchronize the PHP open_basedir
configuration directive between the main server and virtual hosts that
share physical directories, which might allow a local user to bypass
open_basedir restrictions and access other virtual hosts via a PHP script
that uses a main server URL (such as ~username) that is blocked by the
user’s own open_basedir directive, but not the main server’s open_basedir
directive.