easyphp CVE Vulnerabilities & Metrics

Focus on easyphp vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About easyphp Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with easyphp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total easyphp CVEs: 4
Earliest CVE date: 27 Sep 2023, 15:18 UTC
Latest CVE date: 18 Dec 2025, 20:15 UTC

Latest CVE reference: CVE-2023-53944

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical easyphp CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS easyphp CVEs

These are the five CVEs with the highest CVSS scores for easyphp, sorted by severity first and recency.

CVE-2023-53944 easyphp Published on 18 Dec 2025, 20:15 UTC (CVSS: 0)
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.
CVE-2023-53941 easyphp Published on 18 Dec 2025, 20:15 UTC (CVSS: 0)
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.
CVE-2024-11215 easyphp Published on 14 Nov 2024, 14:15 UTC (CVSS: 0)
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’.
CVE-2023-3767 easyphp Published on 27 Sep 2023, 15:18 UTC (CVSS: 0)
An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

All CVEs for easyphp

CVE-2023-53944 easyphp vulnerability CVSS: 0 18 Dec 2025, 20:15 UTC

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

CVE-2023-53941 easyphp vulnerability CVSS: 0 18 Dec 2025, 20:15 UTC

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.

CVE-2024-11215 easyphp vulnerability CVSS: 0 14 Nov 2024, 14:15 UTC

Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’.

CVE-2023-3767 easyphp vulnerability CVSS: 0 27 Sep 2023, 15:18 UTC

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.