CVE-2023-53944
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Easyphp | EasyPHP Webserver | 14.1 | affected |
Weaknesses
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://www.exploit-db.com/exploits/51430
- https://www.easyphp.org/
- https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.