WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Out-of-bounds Write Vulnerability (CVE-2019-11043)

Description

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Remediation

References

Related Vulnerabilities

WordPress Plugin AdKlick Advertising Management Unspecified Vulnerability (1.1)

WordPress Plugin Crayon Syntax Highlighter 'wp_load' Parameter Remote File Include (1.12.1)

WordPress Plugin Custom Simple Rss Cross-Site Request Forgery (2.0.6)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)

MySQL Other Vulnerability (CVE-2010-1849)

Severity

Critical

Classification

CVE-2019-11043 CWE-787 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities