← back
CVE-2023-53944

EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences

CVSS 7.1 HIGHEPSS 0.8%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Easyphp · EasyPHP Webserver

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.easyphp.org/https://www.exploit-db.com/exploits/51430https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences