Multiple vulnerabilities in PHP
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-19395 CVE-2018-19396 CVE-2018-19518 |
| CWE-ID | CWE-476 CWE-77 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
PHP Universal components / Libraries / Scripting languages |
| Vendor | PHP Group |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Null pointer dereference
EUVDB-ID: #VU16018
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19395
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference condition in the ext/standard/var.c file. A remote attacker can send a specially crafted request that submits malicious input, trigger a NULL pointer dereference condition and cause the software to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.1.0 - 7.1.24
CPE2.3 External linkshttps://bugs.php.net/bug.php?id=77177
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Null pointer dereference
EUVDB-ID: #VU16019
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19396
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference condition that exists in the ext/standard/var_unserializer.c file when an unserialize call is made for the com, dotnet, or variant class. A remote attacker can send a specially crafted request that submits malicious input, trigger a NULL pointer dereference condition and cause the software to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsPHP: 7.1.0 - 7.1.24
CPE2.3https://bugs.php.net/bug.php?id=77177
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Command injection
EUVDB-ID: #VU16067
Risk: Low
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2018-19518
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to inject and execute arbitrary commands.
Install update from vendor's website.
Vulnerable software versionsPHP: 5.6.0 - 7.2.12
CPE2.3 External linkshttps://bugs.php.net/bug.php?id=77153
https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
