CVE-2024-11215

MEDIUM

EasyPHP Webserver 14.1 - Path Traversal via Consecutive '/...%5c' Strings


Description

An absolute path traversal vulnerability (incorrect restriction of a path to a restricted directory) affects version 14.1 of the EasyPHP web server. It could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by using only consecutive ‘/...%5c’ strings.

Scores

CVSS v3: 6.5
EPSS: 0.0075
EPSS Percentile: 50.0%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Products (1): easyphp/webserver 14.1
Published: Nov 14, 2024
Tracked Since: Feb 18, 2026