CVE-2024-11215

{"id": "CVE-2024-11215", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-11-14T14:15:18.367", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-easyphp", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings \u2018/...%5c\u2019."}, {"lang": "es", "value": "Vulnerabilidad de path traversal absoluto (restricci\u00f3n incorrecta de una ruta a un directorio restringido) en el servidor web EasyPHP, que afecta a la versi\u00f3n 14.1. Esta vulnerabilidad podr\u00eda permitir a usuarios remotos eludir las restricciones de SecurityManager y recuperar cualquier archivo almacenado en el servidor estableciendo \u00fanicamente cadenas consecutivas '/...%5c'."}], "lastModified": "2026-01-07T21:08:31.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:easyphp:webserver:14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25E85EE7-0612-4478-A212-5E5F90944A3D"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}