Inappropriate escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier will allow an attacker to map URLs to filesystem places that happen to be permitted to become served because of the server but are usually not intentionally/instantly reachable by any URL, causing code execution or resource code https://apachesupport24555.blogdeazar.com/28352361/new-step-by-step-map-for-apache-support-service