Description

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

Related CPE's

Could not find any relations

References

https://www.easyphp.org/

https://www.exploit-db.com/exploits/51430

https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences

https://www.exploit-db.com/exploits/51430

Weaknesses

[email protected]

Secondary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2025-12-18T20:15:53.097

24 hours ago

Last modified

2025-12-19T18:00:18.330

3 hours ago