Webserver
CVE-2024-11215
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (incibe) · only source for this CVE.
CVSS VectorVendor: incibe
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’.
AnalysisAI
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’. Affected products include: Easyphp Webserver. Version information: version 14.1..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. Rated critical severit
A vulnerability was found in markparticle WebServer up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is r
A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. Rated medium severity (CVSS 6
A vulnerability was found in markparticle WebServer up to 1.0. Rated medium severity (CVSS 6.9), this vulnerability is r
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today