Inappropriate escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and before allows an attacker to map URLs to filesystem spots that happen to be permitted to become served from the server but aren't intentionally/right reachable by any URL, resulting in code execution or resource code disclosure. An attacker, https://stevev976bpz9.empirewiki.com/user
