Primary

Context

EasyPHP Webserver Path Traversal Vulnerability Allowing Access to Sensitive Files

Vulnerability

A path traversal vulnerability has been identified in EasyPHP Webserver version 14.1. This vulnerability allows remote users with low privileges to bypass SecurityManager restrictions and access files outside the document root. Exploitation involves sending GET requests with encoded directory traversal sequences, such as /..%5c..%5c, to read system files like /windows/win.ini.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, potentially allowing for further exploitation or information disclosure.

Reproduction

To reproduce this vulnerability, send a GET request to the server with an encoded directory traversal sequence that bypasses the document root restrictions. The request should target the EasyPHP Webserver 14.1 instance.

Added: Dec 18, 2025, 8:23 PM

Updated: Dec 18, 2025, 10:35 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

6.2

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

6.2

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

EasyPHP Webserver Path Traversal Vulnerability Allowing Access to Sensitive Files

Vulnerability

Impact

Reproduction

Affected Products

EasyPHP Webserver

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating