Lucene search
+L

CVE-2019-11043

🗓️ 28 Oct 2019 14:19:04Reported by phpType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 4760 Views🌐 WEB

PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 accommodate remote code execution

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
githubexploit
-CyberPentest-Plugin-Claude-Code
2 Jun 202615:28
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
26 Aug 202515:55
githubexploit
githubexploit
exploit-toolkit
15 Jul 202613:01
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
24 Oct 202507:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
6 Nov 201915:44
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Php
9 Jul 202608:21
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
11 Nov 201911:29
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
23 Oct 201923:26
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
23 Sep 201921:37
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Php
29 Oct 201911:16
githubexploit
Rows per page
NVD
Node
OR
phpphpRange7.1.07.1.33
phpphpRange7.2.07.2.24
phpphpRange7.3.07.3.11
Node
tenabletenable.scRange<5.19.0
Node
OR
[
  {
    "product": "PHP",
    "vendor": "PHP",
    "versions": [
      {
        "lessThan": "7.1.33",
        "status": "affected",
        "version": "7.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.2.24",
        "status": "affected",
        "version": "7.2.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3.11",
        "status": "affected",
        "version": "7.3.x",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
QSLpath/PHP SOSATAttempt to enable a PHP option via crafted query string to trigger FPM underflow (QSL-based).CWE-787CWE-120
CustomHpath/PHP SOSATAttempt to enable a PHP option via crafted query string to trigger FPM underflow (QSL-based).CWE-787CWE-120
Nuutpath/PHP SOSATAttempt to enable a PHP option via crafted query string to trigger FPM underflow (QSL-based).CWE-787CWE-120
@http_param (query string length direction)path/PHP SOSATAttempt to enable a PHP option via crafted query string to trigger FPM underflow (QSL-based).CWE-787CWE-120
QSLpath/PHP_VALUE #{php_setting}Set a PHP INI directive through path payload to influence runtime for exploitation.CWE-787CWE-120
customh_lengthpath/PHP_VALUE #{php_setting}Set a PHP INI directive through path payload to influence runtime for exploitation.CWE-787CWE-120
php_setting (INI directive)path/PHP_VALUE #{php_setting}Set a PHP INI directive through path payload to influence runtime for exploitation.CWE-787CWE-120
QSLpath/path info.phpBaseline/check request used to determine baseline status and vulnerability indicators.CWE-787CWE-120
MinQSL/MaxQSL rangepath/path info.phpBaseline/check request used to determine baseline status and vulnerability indicators.CWE-787CWE-120
QSLpath/path abcdefghijklmopqrstuv.phpCandidate page used during QSL detection phase.CWE-787CWE-120
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:12Current
9.6High risk
Vulners AI Score9.6
CVSS 27.5
CVSS 3.18.7 - 9.8
EPSS0.9947
SSVC
4760