CVE-2023-53944

MEDIUM

EasyPHP Webserver 14.1 - Path Traversal

Title source: llm

Description

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · textwebappsphp
https://www.exploit-db.com/exploits/51430

References (3)

Scores

CVSS v3 6.5
EPSS 0.0024
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
Easyphp/EasyPHP Webserver 14.1
easyphp/webserver 14.1
Published Dec 18, 2025
Tracked Since Feb 18, 2026