CVE-2023-53944

EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences

CVSS 7.1 HIGHEPSS 0.8%CWE-22

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Easyphp · EasyPHP Webserver

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.easyphp.org/https://www.exploit-db.com/exploits/51430 https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences