| VID |
22883 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.13. It is, therefore, affected by an arbitrary command injection vulnerability via the IMAP_open mailbox parameter.
* References :
http://php.net/ChangeLog-7.php#7.2.13
* Platforms Affected:
PHP 7.2.x Prior to 7.2.13
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PHP (7.2.13 or later), available from the PHP web site at http://www.php.net/downloads.php |
| Related URL |
CVE-2018-19158 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
