exploitDog

CVE-2023-53944

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

Ссылки

https://www.easyphp.org/
Product
https://www.exploit-db.com/exploits/51430
Exploit
https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/51430
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easyphp:webserver:14.1:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00236

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-8c7w-wmmg-f7mj

CVSS3: 6.5

github

около 2 месяцев назад

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

EPSS

Процентиль: 46%

0.00236

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22