OS Command Injection Vulnerability in Xdebug PHP Debugging Extension
CVE-2015-10141
What is CVE-2015-10141?
An OS command injection vulnerability exists in Xdebug, a PHP debugging extension, allowing unauthenticated attackers to exploit the remote debugging feature. When remote debugging is enabled, Xdebug listens on port 9000, accepting debugger protocol commands without authentication. This vulnerability allows an attacker to send a specially crafted eval command, which may execute arbitrary PHP code on the server, invoking system-level functions and potentially leading to a complete compromise of the host system under the privileges of the web server user.

Affected Version(s)
Xdebug * <= 2.5.5
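A defender-side check for the exposure described above, as an added example that is not part of the original page or of the Xdebug project: it reads php.ini text for the Xdebug 2.x remote-debugging directives and compares the installed version with the affected range listed here. The directive names (`xdebug.remote_enable`, `xdebug.remote_port`, `xdebug.remote_connect_back`) are Xdebug 2.x settings not named on this page; `parse_ini`, `audit_xdebug` and the sample ini text are constructed for illustration.

```python
import re

# Highest affected release according to this page ("Xdebug * <= 2.5.5").
LAST_AFFECTED = (2, 5, 5)
TRUTHY = {"1", "on", "true", "yes"}  # values PHP's ini parser treats as enabled

# Constructed sample configuration, not taken from any real host.
SAMPLE_INI = """
[xdebug]
zend_extension = xdebug.so
xdebug.remote_enable = On   ; left over from development
xdebug.remote_connect_back = 1
"""


def parse_ini(text):
    """Return {directive: value} from ini text, lower-cased, ';' comments removed."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue  # blank line, comment-only line or section header
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"\'').lower()
    return settings


def audit_xdebug(ini_text, version):
    """Return a list of findings for one host's Xdebug 2.x configuration."""
    cfg = parse_ini(ini_text)
    if cfg.get("xdebug.remote_enable", "0") not in TRUTHY:
        return []  # remote debugging is off, so the debugger channel is unused
    port = cfg.get("xdebug.remote_port", "9000")  # 9000 is the port this page names
    findings = ["remote debugging enabled (port %s)" % port]
    if cfg.get("xdebug.remote_connect_back", "0") in TRUTHY:
        findings.append("remote_connect_back on: debugger peer is taken "
                        "from the requesting client's address")
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    if parts and parts <= LAST_AFFECTED:
        findings.append("version %s is within the affected range (<= 2.5.5)" % version)
    return findings


if __name__ == "__main__":
    for finding in audit_xdebug(SAMPLE_INI, "2.5.5"):
        print("FINDING:", finding)
```

An empty result means remote debugging is disabled in the file that was read; production hosts should return an empty list.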
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
EPSS Score
57% chance of being exploited in the next 30 days.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
