CVE-2023-53944 HIGH

CVE-2023-53944: EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences

Vendor Easyphp
Product EasyPHP Webserver
Weakness CWE-22 · Path traversal
Published December 18, 2025
Last update April 7, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

Key dates

02Disclosure timeline

December 18, 2025 CVE published
April 7, 2026 Record updated