Description

The open_basedir configuration directive will limit the files that can be opened by PHP to the specified directory-tree. When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. open_basedir is a good protection against remote file inclusion vulnerabilities. For a remote attacker it is not possible to break out of the open_basedir restrictions if he is only able to inject the name of a file to be included. Therefore the number of files he will be able to include with such a local file include vulnerability is limited.

Remediation

You can set open_basedir from php.ini

php.ini
open_basedir = your_application_directory

Related Vulnerabilities

Passive Mixed Content over HTTPS

Apache Tomcat version older than 7.0.28

Apache REST RCE CVE-2018-11770

ASP.NET potential HTTP Verb Tampering

JBoss BSHDeployer MBean

Severity

Medium

Classification

CWE-664 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration