Lucene search
+L

CVE-2018-19518

🗓️ 25 Nov 2018 10:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 2540 Views🌐 WEB

University of WA IMAP Toolkit 2007f on UNIX launches rsh command without preventing argument injection, allowing remote attackers to execute arbitrary OS commands via imap_open() function in PHP and other products

Related
Detection
Refs
Paths
Social
NVD
Node
OR
phpphpRange5.6.05.6.38
phpphpRange7.0.07.0.32
phpphpRange7.1.07.1.24
phpphpRange7.2.07.2.12
Node
ParameterPositionPathDescriptionCWE
PS_SAV_IMAP_URLupload dataadmin2769gx8k3/index.phpPHP imap_open remote code execution through IMAP preauthentication via PS_SAV_IMAP_URL field in Prestashop admin mail settings.CWE-88
server_urlupload dataindex.phpPHP imap_open remote code execution via server_url field in SuiteCRM inbound email settings.CWE-88
mail_bounce_pop3upload datae107_admin/mailout.phpPHP imap_open remote code execution via mail_bounce_pop3 field in e107 settings.CWE-88
serverupload dataimp/test.phpPHP imap_open remote code execution via server field in Horde IMP H3 test endpoint.CWE-88

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation