CVE-2019-25592
Received Received - Intake
Buffer Overflow in PHPRunner 10.1 Dashboard Causes DoS

Publication date: 2026-03-22

Last updated on: 2026-03-22

Assigner: VulnCheck

Description
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-22
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25592
EUVD
EUVD-2019-19926
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xlinesoft phprunner to 11.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1260 The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25592 is a denial of service (DoS) vulnerability in PHPRunner version 10.1 that allows a local attacker to crash the application by supplying an excessively long string in the dashboard name field.

Specifically, an attacker can paste a buffer of 10,000 characters into the Name field during dashboard creation, which causes the application to crash due to improper handling of large input strings.

This vulnerability is related to a buffer overflow or input handling flaw that leads to the application becoming unavailable.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition where the PHPRunner application crashes and becomes unavailable.

Since the vulnerability can be triggered by a local attacker without any privileges or user interaction, it can disrupt normal operations by causing unexpected application downtime.

This can affect availability of services relying on PHPRunner, potentially interrupting business processes or development activities.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the PHPRunner 10.1 application. Specifically, a test can be performed by inputting an excessively long string (10,000 characters) into the dashboard name field during dashboard creation to see if the application crashes.'}, {'type': 'paragraph', 'content': "A proof-of-concept method involves running a Python script that generates a payload of 10,000 'A' characters, copying this payload to the clipboard, and then pasting it into the Name field in the dashboard creation wizard of PHPRunner 10.1. If the application crashes, the vulnerability is present."}, {'type': 'list_item', 'content': 'Run the Python script `PHPRunner_10_1.py` to generate the payload file `PHPRunner_10_1.txt`.'}, {'type': 'list_item', 'content': "Copy the contents of `PHPRunner_10_1.txt` (10,000 'A's) to the clipboard."}, {'type': 'list_item', 'content': 'Open PHPRunner 10.1 and navigate through the wizard: click Next, select Microsoft Access as the database, click Next again.'}, {'type': 'list_item', 'content': "Create a new database and a new table, then select 'Create dashboard'."}, {'type': 'list_item', 'content': 'Paste the clipboard content into the dashboard Name field and click Ok.'}, {'type': 'paragraph', 'content': 'If the application crashes after these steps, the vulnerability is detected.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25592. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart