CVE-2019-25592

PHPRunner 10.1 Denial of Service via Dashboard Name Field

CVSS 6.9 MEDIUMEPSS 0.2%CWE-1260

In short

PHPRunner 10.1 crashes when someone enters an extremely long text (10,000+ characters) in the dashboard name field during creation. This allows a local attacker to disable the application without needing special permissions.

Technical detail

A buffer overflow vulnerability in PHPRunner 10.1's dashboard creation functionality allows local attackers to trigger a denial of service by supplying an excessively long string (10,000 characters) in the Name field. The vulnerability requires local access and results in application crash, affecting availability.

Summary generated and translated by AI from the official description.

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Xlinesoft · PHPRunner

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/46824 https://www.vulncheck.com/advisories/phprunner-denial-of-service-via-dashboard-name-field https://xlinesoft.com/https://xlinesoft.com/phprunner/download.htm