What is CVE-2018-19518?

CVE-2018-19518 is a vulnerability in N/a. Published 2018-11-25.

Is CVE-2018-19518 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-19518

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c)…

EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

bugs.php.net/bug.php (x_refsource_MISC)
45914 (exploit, x_refsource_EXPLOIT-DB)
[debian-lts-announce] 20190301 [SECURITY] [DLA 1700-1] uw-imap security update (mailing-list, x_refsource_MLIST)
security.netapp.com/advisory/ntap-20181221-0004/ (x_refsource_CONFIRM)
1042157 (vdb-entry, x_refsource_SECTRACK)
DSA-4353 (vendor-advisory, x_refsource_DEBIAN)
github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php (x_refsource_MISC)
bugs.debian.org/913835 (x_refsource_MISC)
www.openwall.com/lists/oss-security/2018/11/22/3 (x_refsource_MISC)
git.php.net/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-19518?: CVE-2018-19518 is a vulnerability in N/a. Published 2018-11-25.
Is CVE-2018-19518 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.