Korean
<< Back
VID 22881
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.39. It is, therefore, affected by an arbitrary command injection vulnerability via the IMAP_open mailbox parameter.

* References :
http://php.net/ChangeLog-5.php#5.6.39

* Platforms Affected:
PHP 5.6.x Prior to 5.6.39
Any operating system Any version
Recommendation Upgrade to the latest version of PHP (5.6.39 or later), available from the PHP web site at http://www.php.net/downloads.php
Related URL CVE-2018-19158,CVE-2018-19935 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)