Description
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain configurations of the FPM setup, it is possible to cause the FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Remediation
References