CVE-2018-19518

🗓️ 25 Nov 2018 10:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 2508 Views🌐 WEB

University of WA IMAP Toolkit 2007f on UNIX launches rsh command without preventing argument injection, allowing remote attackers to execute arbitrary OS commands via imap_open() function in PHP and other products

Reporter	Title	Published	Views	Family All 98
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP.	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in PHP (CVE-2018-19518)	8 Jan 202021:42	–	ibm
Gitee	Exploit for Argument Injection in Php	22 Oct 202016:40	–	gitee
Gitee	Exploit for CVE-2014-4878	28 Mar 202000:48	–	gitee
ATTACKERKB	CVE-2018-19518	25 Nov 201800:00	–	attackerkb
Amazon	Medium: php56, php70, php71, php72	9 Jan 201900:00	–	amazon
Tenable Nessus	Amazon Linux AMI : php56 / php70,php71,php72 (ALAS-2019-1147)	14 Jan 201900:00	–	nessus
Tenable Nessus	Debian DLA-1608-1 : php5 security update	17 Dec 201800:00	–	nessus
Tenable Nessus	Debian DLA-1700-1 : uw-imap security update	4 Mar 201900:00	–	nessus
Tenable Nessus	Debian DLA-2866-1 : uw-imap - LTS security update	30 Dec 202100:00	–	nessus

NVD

Node

php phpRange5.6.0–5.6.38

php phpRange7.0.0–7.0.32

php phpRange7.1.0–7.1.24

php phpRange7.2.0–7.2.12

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

uw-imap_project uw-imapMatch2007f

Node

canonical ubuntu_linuxMatch16.04esm

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch19.04

Source	Link
bugs	www.bugs.php.net/bug.php
debian	www.debian.org/security/2018/dsa-4353
bugs	www.bugs.debian.org/913835
bugs	www.bugs.debian.org/913775
exploit-db	www.exploit-db.com/exploits/45914/
lists	www.lists.debian.org/debian-lts-announce/2018/12/msg00006.html
openwall	www.openwall.com/lists/oss-security/2018/11/22/3
bugs	www.bugs.php.net/bug.php
git	www.git.php.net/
bugs	www.bugs.debian.org/913836

Parameter	Position	Path	Description	CWE
ajax	request body	prestashop/index.php	Prestashop login flow exploited via imap_open RCE payload injection through login form fields.	CWE-88
token	request body	prestashop/index.php	Prestashop login flow exploited via imap_open RCE payload injection through login form fields.	CWE-88
controller	request body	prestashop/index.php	Prestashop login flow exploited via imap_open RCE payload injection through login form fields.	CWE-88
submitLogin	request body	prestashop/index.php	Prestashop login flow exploited via imap_open RCE payload injection through login form fields.	CWE-88
passwd	request body	prestashop/index.php	Prestashop login flow exploited via imap_open RCE payload injection through login form fields.	CWE-88
email	request body	prestashop/index.php	Prestashop login flow exploited via imap_open RCE payload injection through login form fields.	CWE-88
redirect	request body	prestashop/index.php	Prestashop login flow exploited via imap_open RCE payload injection through login form fields.	CWE-88
module	request body	suitecrm/index.php	SuiteCRM login flow exploited via imap_open RCE payload injection through authentication form fields.	CWE-88
action	request body	suitecrm/index.php	SuiteCRM login flow exploited via imap_open RCE payload injection through authentication form fields.	CWE-88
cant_login	request body	suitecrm/index.php	SuiteCRM login flow exploited via imap_open RCE payload injection through authentication form fields.	CWE-88

21 Nov 2024 03:58Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.5

CVSS 28.5

EPSS0.93869

CWE-88