Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.fifty nine and earlier lets an attacker to map URLs to filesystem destinations which are permitted to be served via the server but are not deliberately/straight reachable by any URL, resulting in code execution or source code disclosure. Another option https://www.hostscheap.com/apache-support-service