{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11215","assignerOrgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","state":"PUBLISHED","assignerShortName":"INCIBE","dateReserved":"2024-11-14T08:26:53.402Z","datePublished":"2024-11-14T13:37:04.665Z","dateUpdated":"2024-11-14T14:27:02.624Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EasyPHP web server","vendor":"EasyPHP","versions":[{"status":"affected","version":"14.1"}]}],"credits":[{"lang":"en","type":"finder","value":"Rafael Pedrero"}],"datePublic":"2024-11-14T11:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ā€˜/...%5cā€™."}],"value":"Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ā€˜/...%5cā€™."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","shortName":"INCIBE","dateUpdated":"2024-11-14T13:37:04.665Z"},"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-easyphp"}],"source":{"discovery":"UNKNOWN"},"title":"Path traversal vulnerability in EasyPHP","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-14T14:22:43.295709Z","id":"CVE-2024-11215","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-14T14:27:02.624Z"}}]}}