ByteOS Network

NVD Vulnerability Details :

CVE-2023-53944

Analyzed

Source-disclosure@vulncheck.com

Published At-18 Dec, 2025 | 20:15

Updated At-26 Dec, 2025 | 16:55

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.1	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CPE Matches

easyphp>>webserver>>14.1

cpe:2.3:a:easyphp:webserver:14.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Secondary	disclosure@vulncheck.com

CWE ID: CWE-22

Type: Secondary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://www.easyphp.org/	disclosure@vulncheck.com	Product
https://www.exploit-db.com/exploits/51430	disclosure@vulncheck.com	Exploit
https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences	disclosure@vulncheck.com	Third Party Advisory Exploit
https://www.exploit-db.com/exploits/51430	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit

Hyperlink: https://www.easyphp.org/

Source: disclosure@vulncheck.com

Resource:

Product

Hyperlink: https://www.exploit-db.com/exploits/51430

Source: disclosure@vulncheck.com

Resource:

Exploit

Hyperlink: https://www.vulncheck.com/advisories/easyphp-webserver-path-traversal-via-directory-traversal-sequences

Source: disclosure@vulncheck.com

Resource:

Third Party Advisory

Exploit

Hyperlink: https://www.exploit-db.com/exploits/51430

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Exploit

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History