CVE-2019-25592
Buffer Overflow in PHPRunner 10.1 Dashboard Causes DoS
Publication date: 2026-03-22
Last updated on: 2026-03-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xlinesoft | phprunner | to 11.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1260 | The product allows address regions to overlap, which can result in the bypassing of intended memory protection. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25592 is a denial of service (DoS) vulnerability in PHPRunner version 10.1 that allows a local attacker to crash the application by supplying an excessively long string in the dashboard name field.
Specifically, an attacker can paste a buffer of 10,000 characters into the Name field during dashboard creation, which causes the application to crash due to improper handling of large input strings.
This vulnerability is related to a buffer overflow or input handling flaw that leads to the application becoming unavailable.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service condition where the PHPRunner application crashes and becomes unavailable.
Since the vulnerability can be triggered by a local attacker without any privileges or user interaction, it can disrupt normal operations by causing unexpected application downtime.
This can affect availability of services relying on PHPRunner, potentially interrupting business processes or development activities.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the PHPRunner 10.1 application. Specifically, a test can be performed by inputting an excessively long string (10,000 characters) into the dashboard name field during dashboard creation to see if the application crashes.'}, {'type': 'paragraph', 'content': "A proof-of-concept method involves running a Python script that generates a payload of 10,000 'A' characters, copying this payload to the clipboard, and then pasting it into the Name field in the dashboard creation wizard of PHPRunner 10.1. If the application crashes, the vulnerability is present."}, {'type': 'list_item', 'content': 'Run the Python script `PHPRunner_10_1.py` to generate the payload file `PHPRunner_10_1.txt`.'}, {'type': 'list_item', 'content': "Copy the contents of `PHPRunner_10_1.txt` (10,000 'A's) to the clipboard."}, {'type': 'list_item', 'content': 'Open PHPRunner 10.1 and navigate through the wizard: click Next, select Microsoft Access as the database, click Next again.'}, {'type': 'list_item', 'content': "Create a new database and a new table, then select 'Create dashboard'."}, {'type': 'list_item', 'content': 'Paste the clipboard content into the dashboard Name field and click Ok.'}, {'type': 'paragraph', 'content': 'If the application crashes after these steps, the vulnerability is detected.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know