CVE-2023-53944

Published: Dec 18, 2025Modified: Dec 26, 2025

7.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

Affected (1)

Products: Easyphp: Webserver

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Easyphp Webserver	Version 14.1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://www.easyphp.org/

Source: disclosure@vulncheck.com

Product

https://www.exploit-db.com/exploits/51430

Source: disclosure@vulncheck.com

Exploit

https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences

Source: disclosure@vulncheck.com

Third Party AdvisoryExploit

https://www.exploit-db.com/exploits/51430

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.