CVE-2019-11043

🗓️ 28 Oct 2019 14:19:04Reported by phpType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 4277 Views🌐 WEB

PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 accommodate remote code execution

Reporter	Title	Published	Views	Family All 297
GithubExploit	-CyberPentest-Plugin-Claude-Code	2 Jun 202615:28	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	26 Aug 202515:55	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	24 Oct 202507:00	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	6 Nov 201915:44	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	11 Nov 201911:29	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	23 Oct 201923:26	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	23 Sep 201921:37	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	29 Oct 201911:16	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	18 Nov 202007:25	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in Php	6 Nov 201914:53	–	githubexploit

NVD

Node

php phpRange7.1.0–7.1.33

php phpRange7.2.0–7.2.24

php phpRange7.3.0–7.3.11

Node

canonical ubuntu_linuxMatch12.04esm

canonical ubuntu_linuxMatch14.04esm

canonical ubuntu_linuxMatch16.04lts

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch19.04

canonical ubuntu_linuxMatch19.10

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

fedoraproject fedoraMatch29

fedoraproject fedoraMatch30

fedoraproject fedoraMatch31

Node

tenable tenable.scRange<5.19.0

Node

redhat software_collectionsMatch1.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch7.7

redhat enterprise_linux_eusMatch8.1

redhat enterprise_linux_eusMatch8.2

redhat enterprise_linux_eusMatch8.4

redhat enterprise_linux_eusMatch8.6

redhat enterprise_linux_eusMatch8.8

redhat enterprise_linux_eus_compute_nodeMatch7.7

redhat enterprise_linux_for_arm_64Match8.0_aarch64

redhat enterprise_linux_for_arm_64_eusMatch8.1_aarch64

redhat enterprise_linux_for_arm_64_eusMatch8.2_aarch64

redhat enterprise_linux_for_arm_64_eusMatch8.4_aarch64

redhat enterprise_linux_for_arm_64_eusMatch8.6_aarch64

redhat enterprise_linux_for_arm_64_eusMatch8.8_aarch64

redhat enterprise_linux_for_ibm_z_systemsMatch6.0_s390x

redhat enterprise_linux_for_ibm_z_systemsMatch7.0_s390x

redhat enterprise_linux_for_ibm_z_systemsMatch8.0_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch7.7_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.1_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.2_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.4_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.6_s390x

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.8_s390x

redhat enterprise_linux_for_power_big_endianMatch6.0_ppc64

redhat enterprise_linux_for_power_big_endianMatch7.0_ppc64

redhat enterprise_linux_for_power_big_endian_eusMatch7.7_ppc64

redhat enterprise_linux_for_power_little_endianMatch7.0_ppc64le

redhat enterprise_linux_for_power_little_endianMatch8.0_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch7.7_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch8.1_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch8.2_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch8.4_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch8.6_ppc64le

redhat enterprise_linux_for_power_little_endian_eusMatch8.8_ppc64le

redhat enterprise_linux_for_scientific_computingMatch7.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_ausMatch8.2

redhat enterprise_linux_server_ausMatch8.4

redhat enterprise_linux_server_ausMatch8.6

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_server_tusMatch8.2

redhat enterprise_linux_server_tusMatch8.4

redhat enterprise_linux_server_tusMatch8.6

redhat enterprise_linux_server_tusMatch8.8

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

[
  {
    "product": "PHP",
    "vendor": "PHP",
    "versions": [
      {
        "lessThan": "7.1.33",
        "status": "affected",
        "version": "7.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.2.24",
        "status": "affected",
        "version": "7.2.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3.11",
        "status": "affected",
        "version": "7.3.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2019:3724
seclists	www.seclists.org/fulldisclosure/2020/Jan/40
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
usn	www.usn.ubuntu.com/4166-2/
support	www.support.f5.com/csp/article/K75408500
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
access	www.access.redhat.com/errata/RHSA-2019:3736
usn	www.usn.ubuntu.com/4166-1/
debian	www.debian.org/security/2019/dsa-4552
tenable	www.tenable.com/security/tns-2021-14

Parameter	Position	Path	Description	CWE
MinQSL	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
MaxQSL	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
MaxCustomHeaderLength	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
CustomHeaderLengthHint	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
DetectMethod	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
QSLDetectStep	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
MaxQSLCandidates	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
MaxQSLDetectDelta	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
QSLHint	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120
OperationMaxRetries	path	index.php	Exposure via PHP-FPM underflow with manipulated query string length and custom header length to enable code execution.	CWE-787, CWE-120

03 Nov 2025 19:23Current

9.6High risk

Vulners AI Score9.6

CVSS 27.5

CVSS 3.18.7 - 9.8

EPSS0.94053

SSVC

cve-2019-11043 php fpm remote code execution buffer overflow nvd vulnerability