Is myvestacp secure from local attack?
Posted: Thu Aug 15, 2024 4:28 pm
In default variant (nginx+apache+phpfpm) = not vulnerable, because open_basedir will prevent access to /var/run/php/
In the nginx+phpfpm variant (installed on less than 1% of myvestacp servers) = it is vulnerable from the local environment because PHP-FPM uses a local TCP port that another user can access. However, we believe that nobody uses this variant for shared hosting.