exploitDog

CVE-2024-11215

Опубликовано: 14 нояб. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-easyphp
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easyphp:webserver:14.1:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.0008

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-h76p-cpvc-jjj8

CVSS3: 6.5

github

около 1 года назад

Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’.

EPSS

Процентиль: 24%

0.0008

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22