Directory traversal vulnerability

I have come across a security issue on a Linux web server. If someone enters the following in the address bar of a web browser:

They can view this file. I have since removed the web server from public access. The PHP script was internally created to be a helpdesk support site. What can be done to the server to make sure no one can call this command and view other directories on the server?
sakman Commented:
In your php.ini you could set the open_basedir to your www root.

The open_basedir directive "Limit the files that can be opened by PHP to the specified directory-tree".
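What the open_basedir setting suggested above does to a request that climbs out of the web root, shown as an added example that is not part of the original thread. The temporary directory, the file names and the read_requested() and report() functions are constructed for illustration.

```php
<?php
// Added example. All paths and names here are constructed for the demo.
$root = sys_get_temp_dir() . '/obd_demo_' . getmypid();
mkdir($root . '/www', 0700, true);
$root    = realpath($root);          // resolve symlinks in the temp path
$webroot = $root . '/www';

file_put_contents($webroot . '/ticket.txt', "ticket body\n");    // inside the web root
file_put_contents($root . '/outside.txt', "not for the web\n");  // outside the web root

// Hypothetical stand-in for a script that opens whatever name the request supplies.
function read_requested($webroot, $name)
{
    // @ suppresses PHP's warning so the return value can be inspected
    return @file_get_contents($webroot . '/' . $name);
}

function report($label, $result)
{
    echo $label, ': ', ($result === false ? 'blocked' : 'read ' . strlen($result) . ' bytes'), "\n";
}

// Before: nothing stops a "../" name from leaving the web root.
report('no open_basedir, ../outside.txt', read_requested($webroot, '../outside.txt'));

// Same effect as "open_basedir = <web root>" in php.ini. Set at runtime,
// the restriction can only be tightened, not loosened.
if (ini_set('open_basedir', $webroot) === false) {
    exit("could not set open_basedir in this environment\n");
}

report('open_basedir set, ../outside.txt', read_requested($webroot, '../outside.txt'));
report('open_basedir set, ticket.txt', read_requested($webroot, 'ticket.txt'));
```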
the-miz (Author) Commented:
See attached image as there is a special character at the end of the address.
the-miz (Author) Commented:
You're welcome.

You could also check safe_mode (
and open_basedir (
Question has a verified solution.
