Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98882
HistoryJan 31, 2019 - 12:00 a.m.

PHP 7.1.x < 7.1.25 Multiple vulnerabilities

2019-01-3100:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.969

Percentile

99.7%

JSON

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.39, 7.0.x prior to 7.0.33, 7.1.x prior to 7.1.25, 7.2.x prior to 7.2.13 or 7.3.x prior to 7.3.0. It is, therefore, affected by multiple vulnerabilities:

  • An arbitrary command injection vulnerability exists in the imap_open function due to improper filters for mailbox names prior to passing them to rsh or ssh commands. An authenticated, remote attacker can exploit this by sending a specially crafted IMAP server name to cause the execution of arbitrary commands on the target system. (CVE-2018-19518)

  • A heap buffer over-read exists in the phar_parse_pharfile function. An unauthenticated, remote attacker can exploit this to read allocated or unallocated memory past the actual data when trying to parse a .phar file. (CVE-2018-20783)

  • A NULL pointer dereference on Windows. An unauthenticated, remote attacker can exploit this to crash the application and perform a denial of service. (CVE-2018-19395)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

Related

nessus 52
openvas 33
osv 10
ubuntucve 4
nvd 5
prion 4
alpinelinux 4
debiancve 4
cvelist 4
cve 5
debian 4
attackerkb 1
veracode 2
ibm 3
suse 6
wallarmlab 1
exploitdb 1
redhatcve 3
checkpoint_advisories 1
mageia 1
ubuntu 2
hackerone 1
f5 3
fedora 2
amazon 1
metasploit 1
gentoo 1
almalinux 1
oraclelinux 1
redhat 3
rocky 1
rosalinux 1
nessus
nessus
PHP 7.3.x < 7.3.0 Multiple vulnerabilities
2019-01-31 00:00:00
PHP 7.2.x < 7.2.13 Multiple vulnerabilities
2019-01-31 00:00:00
PHP 5.6.x < 5.6.39 Multiple vulnerabilities
2019-01-31 00:00:00
openvas
openvas
PHP Multiple Vulnerabilities (Dec 2018) - Windows
2018-12-11 00:00:00
PHP Multiple Vulnerabilities (Dec 2018) - Linux
2018-12-11 00:00:00
Debian: Security Advisory (DLA-1608-1)
2018-12-17 00:00:00
osv
osv
php5 - security update
2018-12-16 00:00:00
CVE-2018-19395
2018-11-20 21:29:01
uw-imap - security update
2021-12-29 00:00:00
ubuntucve
ubuntucve
CVE-2018-19395
2018-11-20 00:00:00
CVE-2018-19518
2018-11-25 00:00:00
CVE-2018-20783
2019-02-21 00:00:00
nvd
nvd
CVE-2018-19395
2018-11-20 21:29:01
CVE-2018-19518
2018-11-25 10:29:00
CVE-2018-20783
2019-02-21 19:29:00
prion
prion
Null pointer dereference
2018-11-20 21:29:00
Input validation
2018-11-25 10:29:00
Design/Logic Flaw
2019-02-21 19:29:00
alpinelinux
alpinelinux
CVE-2018-19395
2018-11-20 21:29:01
CVE-2018-19518
2018-11-25 10:29:00
CVE-2018-20783
2019-02-21 19:29:00
debiancve
debiancve
CVE-2018-19395
2018-11-20 21:29:01
CVE-2018-20783
2019-02-21 19:29:00
CVE-2018-19518
2018-11-25 10:29:00
cvelist
cvelist
CVE-2018-19395
2018-11-20 21:00:00
CVE-2018-19518
2018-11-25 10:00:00
CVE-2018-20783
2019-02-21 19:00:00
cve
cve
CVE-2018-19395
2018-11-20 21:29:01
CVE-2018-19518
2018-11-25 10:29:00
CVE-2018-20783
2019-02-21 19:29:00
debian
debian
[SECURITY] [DLA 2866-1] uw-imap security update
2021-12-29 17:12:17
[SECURITY] [DLA 1700-1] uw-imap security update
2019-03-01 13:26:16
[SECURITY] [DLA 1608-1] php5 security update
2018-12-17 01:56:08
attackerkb
attackerkb
CVE-2018-19518
2018-11-25 00:00:00
veracode
veracode
Information Disclosure
2019-08-20 00:10:41
Remote Code Execution (RCE)
2020-09-21 06:25:14
ibm
ibm
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.
2023-12-07 22:45:07
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in PHP (CVE-2018-19518)
2020-01-08 21:42:21
Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP
2020-03-03 02:43:43
suse
suse
Recommended update for php5 (moderate)
2018-12-08 00:19:13
Recommended update for php7 (moderate)
2018-12-08 00:11:09
Security update for php5 (moderate)
2019-04-23 00:00:00
wallarmlab
wallarmlab
RCE in PHP or how to bypass disable_functions in PHP installations
2018-12-06 17:32:24
exploitdb
exploitdb
PHP imap_open - Remote Code Execution (Metasploit)
2018-11-29 00:00:00
redhatcve
redhatcve
CVE-2018-19518
2018-11-28 10:19:59
CVE-2018-20783
2020-01-19 09:40:43
CVE-2019-9021
2019-10-29 04:03:55
checkpoint_advisories
checkpoint_advisories
PHP IMAP imap_open Command Injection (CVE-2018-19518)
2022-11-17 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2018-12-20 23:17:27
ubuntu
ubuntu
UW IMAP vulnerability
2019-10-21 00:00:00
PHP vulnerabilities
2019-05-22 00:00:00
hackerone
hackerone
Internet Bug Bounty: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile
2019-01-09 22:03:25
f5
f5
PHP vulnerabilities CVE-2018-19395 and CVE-2018-19396
2019-02-22 09:00:00
K03544225 : PHP vulnerabilities CVE-2018-19518 and CVE-2018-19935
2019-01-08 00:00:00
K50602063 : PHP vulnerability CVE-2019-9021
2019-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: php-7.2.13-2.fc29
2018-12-17 19:12:53
[SECURITY] Fedora 28 Update: php-7.2.13-2.fc28
2018-12-17 02:28:09
amazon
amazon
Medium: php56, php70, php71, php72
2019-01-09 22:58:00
metasploit
metasploit
php imap_open Remote Code Execution
2018-11-19 02:28:19
gentoo
gentoo
PHP: Multiple vulnerabilities
2020-03-26 00:00:00
almalinux
almalinux
Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
oraclelinux
oraclelinux
php:7.2 security, bug fix, and enhancement update
2020-05-05 00:00:00
redhat
redhat
(RHSA-2020:1624) Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
(RHSA-2019:3299) Critical: rh-php72-php security update
2019-11-01 12:22:19
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18
rocky
rocky
php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.969

Percentile

99.7%

JSON
Related for WEB_APPLICATION_SCANNING_98882
nessus52openvas33osv10ubuntucve4nvd5prion4alpinelinux4debiancve4cvelist4cve5debian4attackerkb1veracode2ibm3suse6wallarmlab1exploitdb1redhatcve3checkpoint_advisories1mageia1ubuntu2hackerone1f53fedora2amazon1metasploit1gentoo1almalinux1oraclelinux1redhat3rocky1rosalinux1