CVE-2024-11215 MEDIUM

CVE-2024-11215: Path traversal vulnerability in EasyPHP

Vendor Easyphp
Product EasyPHP web server
Weakness CWE-22 · Path traversal
Published November 14, 2024
Last update November 14, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

An absolute path traversal vulnerability (incorrect restriction of a path to a restricted directory) affects version 14.1 of the EasyPHP web server. It could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server using only consecutive ‘/...%5c’ strings.
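A detection sketch for the pattern described above, added here as an example and not taken from the CVE record or from EasyPHP: it scans access-log lines for request URIs that contain dot-only path segments after percent-decoding. It goes slightly beyond the record by also catching double-encoded and classic `../` forms. The Apache-style log format, the sample lines and every function name are assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: Apache-style access log with a quoted "METHOD URI PROTOCOL" field.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
# A run of two or more dots that forms a whole path segment, with either
# slash or backslash as the separator ("/..", "/...\", "\..\" and so on).
DOT_SEGMENT_RE = re.compile(r'(?:^|[\\/])\.{2,}(?=[\\/]|$)')

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Nov/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
192.0.2.10 - - [14/Nov/2024:10:00:02 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 90
198.51.100.7 - - [14/Nov/2024:10:00:05 +0000] "GET /...%5c/...%5c/...%5cplaceholder.txt HTTP/1.1" 200 1337
198.51.100.7 - - [14/Nov/2024:10:00:06 +0000] "GET /...%255c/...%255cplaceholder.txt HTTP/1.1" 404 0
"""

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so that %255c -> %5c -> backslash is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def count_dot_segments(uri):
    """Number of dot-only segments in the decoded URI (path and query)."""
    return len(DOT_SEGMENT_RE.findall(fully_decode(uri)))

def scan(log_text, threshold=1):
    """Return (line number, client, segment count) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        n = count_dot_segments(m.group("uri"))
        if n >= threshold:
            hits.append((line_no, m.group("client"), n))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status deserves priority in triage, since the response status is the quickest sign that the server answered the request instead of rejecting it.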

Key dates

02 Disclosure timeline

November 14, 2024 CVE published
November 14, 2024 Record updated