CVE-2024-11215

Name of the Vulnerable Software and Affected Versions EasyPHP version 14.1

Description The issue is an absolute path traversal vulnerability, which could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server. This is achieved by setting consecutive strings ‘/...%5c’. The vulnerability may potentially lead to remote code execution.

Recommendations For EasyPHP version 14.1, patch immediately to resolve the issue and review logs for signs of compromise. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.