Description
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cool Flickr Slideshow Cross-Site Scripting (1.0)
WordPress Plugin WP SMS Cross-Site Scripting (5.4.12)
WordPress Plugin Multi Rating Multiple Vulnerabilities (5.0.5)
Drupal Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2020-36193)
Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2025-43797)