Home

Description

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-18 | Updated 2025-12-18 | Assigner VulnCheck




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

14.1
affected

Credits

Rafael Pedrero finder

References

www.exploit-db.com/exploits/51430 exploit

www.exploit-db.com/exploits/51430 (ExploitDB-51430) exploit

www.easyphp.org/ (Official Product Homepage) product

www.vulncheck.com/...ersal-via-directory-traversal-sequences (VulnCheck Advisory: EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences) third-party-advisory

cve.org (CVE-2023-53944)

nvd.nist.gov (CVE-2023-53944)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.