Open_basedir

Description

The open_basedir configuration directive limits the files that PHP can open to the specified directory tree. When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. If the file is outside the specified directory tree, PHP refuses to open it. open_basedir is a good protection against remote file inclusion vulnerabilities. A remote attacker cannot break out of the open_basedir restrictions if he is only able to inject the name of a file to be included. Therefore the number of files he can include through such a local file include vulnerability is limited.

Remediation

To enable open_basedir you will need to edit the global PHP INI file for the PHP version you wish to use. You can do this by going to WHM's Home » Software » MultiPHP INI Editor. Click on the 'editor' tab, then select your PHP version from the drop-down menu. Find the below section.

PHP openbasedir Tweaking. By Jithin on August 22nd, 2016.

The PHP open_basedir feature prevents users from opening files outside of their home directory with PHP scripts. It is an important security feature which stops malicious scripts from being able to access important information.

You can set open_basedir in php.ini:
open_basedir = your_application_directory
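
To verify the remediation, the following added example (not part of the original page) audits the text of a php.ini file and reports when the global open_basedir is unset or set to a value that restricts little. The sample INI content and the function names global_open_basedir and audit are constructed for illustration; the code assumes the last global assignment wins and does not evaluate [PATH=] or [HOST=] sections.

```python
import re

# Constructed sample php.ini content, not taken from the original page.
SAMPLE_INI = '''[PHP]
;open_basedir = /commented/out
open_basedir = "/var/www/app:/tmp"
[PATH=/var/www/legacy]
open_basedir = /
'''

def global_open_basedir(ini_text):
    """Return the global open_basedir value ('' if unset or empty)."""
    value, in_global = "", True
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("["):
            # [PATH=...] and [HOST=...] sections are per-directory overrides.
            in_global = not re.match(r"\[(PATH|HOST)\s*=", line, re.I)
            continue
        m = re.match(r"open_basedir\s*=\s*(.*)", line)
        if not (m and in_global):
            continue  # comments (';...') and other directives never match
        raw = m.group(1)
        quoted = re.match(r'"([^"]*)"', raw)
        # Unquoted values end at an inline ';' comment; None means empty.
        value = quoted.group(1) if quoted else raw.split(";")[0].strip()
        if not quoted and value.lower() == "none":
            value = ""
    return value  # assumption: the last global assignment wins

def audit(ini_text, sep=":"):
    """Return findings for the global setting; sep is ':' on Unix, ';' on Windows."""
    value = global_open_basedir(ini_text)
    if not value:
        return ["open_basedir is not set: no directory restriction applies"]
    findings = []
    for path in filter(None, value.split(sep)):
        if path in ("/", "\\"):
            findings.append(f"{path!r} allows the whole filesystem")
        elif path == ".":
            findings.append("'.' follows the working directory, which chdir() can change")
        elif not re.match(r"(/|[A-Za-z]:[\\/])", path):
            findings.append(f"{path!r} is not an absolute directory")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_INI) or "global open_basedir looks restrictive")
```

An empty list from audit means the global value names only absolute directories other than the filesystem root.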

Severity

Medium

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N

Tags

Configuration