[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-19518":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":103,"duplicate_of":9,"upstream":104,"downstream":105,"duplicates":128,"related":131,"reserved_at":9,"published_at":136,"modified_at":137,"state":138,"summary":139,"references_raw":147,"kevs":239,"epss":240,"epss_history":243,"metrics":436,"affected":447},"CVE-2018-19518","University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-88","Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","The product constructs a string for a command to be executed by a separate component\nin another control sphere, but it does not properly delimit the\nintended arguments, options, or switches within that command string.","weakness","Draft","Base",[19,23,27,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-137","Parameter Injection",[],{"id":24,"name":25,"techniques":26},"CAPEC-174","Flash Parameter Injection",[],{"id":28,"name":29,"techniques":30},"CAPEC-41","Using Meta-characters in E-mail Headers to Inject Malicious Payloads",[],{"id":32,"name":33,"techniques":34},"CAPEC-460","HTTP Parameter Pollution (HPP)",[],{"id":36,"name":37,"techniques":38},"CAPEC-88","OS Command Injection",[],[40,49,57,62,67,71,85],{"_key":41,"name":42,"source":43,"url":44,"maturity":45,"reliability_score":46,"verified":47,"type":9,"platforms":48,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_BO0OM_PHP_IMAP_OPEN_EXPLOIT","Php Imap Open Exploit","github","https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php","poc",0.3,false,[],{"_key":50,"name":51,"source":52,"url":53,"maturity":54,"reliability_score":55,"verified":47,"type":9,"platforms":56,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_F857C34C1474198B","Exploit Reference (openwall.com)","reference","https://www.openwall.com/lists/oss-security/2018/11/22/3","unknown",0.2,[],{"_key":58,"name":59,"source":52,"url":60,"maturity":54,"reliability_score":55,"verified":47,"type":9,"platforms":61,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D10BB894F7496E3D","Exploit Reference (bugs.php.net)","https://bugs.php.net/bug.php?id=76428",[],{"_key":63,"name":64,"source":52,"url":65,"maturity":54,"reliability_score":55,"verified":47,"type":9,"platforms":66,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_A04F673355C40B02","Exploit Reference (antichat.com)","https://antichat.com/threads/463395/#post-4254681",[],{"_key":68,"name":59,"source":52,"url":69,"maturity":54,"reliability_score":55,"verified":47,"type":9,"platforms":70,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_A574CA4398AFB07D","https://bugs.php.net/bug.php?id=77153",[],{"_key":72,"name":73,"source":74,"url":75,"maturity":76,"reliability_score":77,"verified":78,"type":79,"platforms":80,"requires_auth":9,"exploitdb":82,"metasploit":9},"45914","PHP imap_open - Remote Code Execution (Metasploit)","exploit-database","https://www.exploit-db.com/exploits/45914","weaponized",0.8,true,"remote",[81],"linux",{"verified":78,"type":79,"platform":81,"file":83,"codes":84},"exploits/linux/remote/45914.rb",[7],{"_key":86,"name":87,"source":88,"url":89,"maturity":76,"reliability_score":90,"verified":78,"type":79,"platforms":91,"requires_auth":47,"exploitdb":9,"metasploit":92},"MSF_EXPLOIT_LINUX_HTTP_PHP_IMAP_OPEN_RCE","php imap_open Remote Code Execution","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/linux/http/php_imap_open_rce.rb",0.6666666666666666,[],{"fullname":93,"rank":94,"rank_name":95,"post_auth":47,"check":78,"notes":96},"exploit/linux/http/php_imap_open_rce",400,"good",{"Stability":97,"SideEffects":99,"Reliability":101},[98],"unknown-stability",[100],"unknown-side-effects",[102],"unknown-reliability",[],[],[106,108,110,112,114,116,118,120,122,124,126],{"_key":107},"SUSE-SU-2018:3986-1",{"_key":109},"SUSE-SU-2018:3988-1",{"_key":111},"SUSE-SU-2018:3995-1",{"_key":113},"DLA-1608-1",{"_key":115},"DLA-1700-1",{"_key":117},"DLA-2866-1",{"_key":119},"DSA-4353-1",{"_key":121},"MGASA-2018-0484",{"_key":123},"UBUNTU-CVE-2018-19518",{"_key":125},"USN-4160-1",{"_key":127},"DEBIAN-CVE-2018-19518",[129],{"_key":130},"CVE-2018-1000859",[132,133,134,135],{"_key":107},{"_key":109},{"_key":111},{"_key":121},"2018-11-25T10:00:00.000Z","2024-08-05T11:37:11.529Z","Modified",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":140,"epss_score":141,"severity":142,"severity_score":143,"severity_version":144,"severity_source":145,"severity_vector":146,"severity_status":138},"critical",0.93869,"high",8.5,"v2.0","nvd","AV:N/AC:M/Au:S/C:C/I:C/A:C",[148,155,163,169,174,180,185,188,192,195,199,204,207,211,215,218,221,225,230,235],{"url":149,"sources":150,"tags":152},"https://bugs.php.net/bug.php?id=77160",[151,145],"cve.org",[153,154],"X Refsource MISC","Vendor Advisory",{"url":156,"sources":157,"tags":158},"https://www.exploit-db.com/exploits/45914/",[151,145],[159,160,161,162],"Exploit","X Refsource EXPLOIT DB","Third Party Advisory","VDB Entry",{"url":164,"sources":165,"tags":166},"https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html",[151,145],[167,168,161],"Mailing List","X Refsource MLIST",{"url":170,"sources":171,"tags":172},"https://security.netapp.com/advisory/ntap-20181221-0004/",[151,145],[173,161],"X Refsource CONFIRM",{"url":175,"sources":176,"tags":177},"http://www.securitytracker.com/id/1042157",[151,145],[162,178,179],"X Refsource SECTRACK","Broken Link",{"url":181,"sources":182,"tags":183},"https://www.debian.org/security/2018/dsa-4353",[151,145],[154,184,161],"X Refsource DEBIAN",{"url":44,"sources":186,"tags":187},[151,145],[153,159,161],{"url":189,"sources":190,"tags":191},"https://bugs.debian.org/913835",[151,145],[153,167,161],{"url":53,"sources":193,"tags":194},[151,145],[153,159,167,161],{"url":196,"sources":197,"tags":198},"https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5bfea64c81ae34816479bb05d17cdffe45adddb",[151,145],[173],{"url":200,"sources":201,"tags":202},"http://www.securityfocus.com/bid/106018",[151,145],[162,203,179],"X Refsource BID",{"url":60,"sources":205,"tags":206},[151,145],[153,159,167,154],{"url":208,"sources":209,"tags":210},"https://bugs.debian.org/913775",[151,145],[153,167,161],{"url":212,"sources":213,"tags":214},"https://bugs.debian.org/913836",[151,145],[153,167,161],{"url":65,"sources":216,"tags":217},[151,145],[153,159,161],{"url":69,"sources":219,"tags":220},[151,145],[153,159,167,154],{"url":222,"sources":223,"tags":224},"https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html",[151,145],[167,168,161],{"url":226,"sources":227,"tags":228},"https://usn.ubuntu.com/4160-1/",[151,145],[154,229,161],"X Refsource UBUNTU",{"url":231,"sources":232,"tags":233},"https://security.gentoo.org/glsa/202003-57",[151,145],[154,234,161],"X Refsource GENTOO",{"url":236,"sources":237,"tags":238},"https://lists.debian.org/debian-lts-announce/2021/12/msg00031.html",[151,145],[167,168,161],[],{"date":241,"score":141,"percentile":242},"2026-06-04",0.99878,[244,248,251,253,255,257,259,261,263,265,267,269,272,274,276,280,282,284,286,288,290,293,295,297,299,301,303,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,425,427,429,431,433],{"date":245,"score":246,"percentile":247},"2025-11-04",0.93956,0.99874,{"date":249,"score":246,"percentile":250},"2025-11-05",0.99875,{"date":252,"score":246,"percentile":250},"2025-11-06",{"date":254,"score":246,"percentile":247},"2025-11-07",{"date":256,"score":246,"percentile":247},"2025-11-08",{"date":258,"score":246,"percentile":250},"2025-11-09",{"date":260,"score":246,"percentile":250},"2025-11-10",{"date":262,"score":246,"percentile":250},"2025-11-11",{"date":264,"score":246,"percentile":250},"2025-11-12",{"date":266,"score":246,"percentile":250},"2025-11-13",{"date":268,"score":246,"percentile":250},"2025-11-14",{"date":270,"score":246,"percentile":271},"2025-11-15",0.99876,{"date":273,"score":246,"percentile":250},"2025-11-16",{"date":275,"score":246,"percentile":250},"2025-11-17",{"date":277,"score":278,"percentile":279},"2025-11-18",0.93342,0.99862,{"date":281,"score":278,"percentile":279},"2025-11-19",{"date":283,"score":278,"percentile":279},"2025-11-20",{"date":285,"score":246,"percentile":247},"2025-11-21",{"date":287,"score":246,"percentile":247},"2025-11-22",{"date":289,"score":246,"percentile":247},"2025-11-23",{"date":291,"score":246,"percentile":292},"2025-11-24",0.99873,{"date":294,"score":246,"percentile":292},"2025-11-25",{"date":296,"score":246,"percentile":292},"2025-11-26",{"date":298,"score":246,"percentile":292},"2025-11-27",{"date":300,"score":246,"percentile":292},"2025-11-28",{"date":302,"score":246,"percentile":292},"2025-11-29",{"date":304,"score":246,"percentile":305},"2025-11-30",0.99872,{"date":307,"score":246,"percentile":250},"2025-12-01",{"date":309,"score":246,"percentile":250},"2025-12-02",{"date":311,"score":246,"percentile":250},"2025-12-03",{"date":313,"score":246,"percentile":305},"2025-12-04",{"date":315,"score":246,"percentile":305},"2025-12-05",{"date":317,"score":246,"percentile":305},"2025-12-06",{"date":319,"score":246,"percentile":305},"2025-12-07",{"date":321,"score":246,"percentile":305},"2025-12-08",{"date":323,"score":246,"percentile":305},"2025-12-09",{"date":325,"score":246,"percentile":305},"2025-12-10",{"date":327,"score":246,"percentile":305},"2025-12-11",{"date":329,"score":246,"percentile":305},"2025-12-12",{"date":331,"score":246,"percentile":305},"2025-12-13",{"date":333,"score":246,"percentile":305},"2025-12-14",{"date":335,"score":246,"percentile":305},"2025-12-15",{"date":337,"score":246,"percentile":292},"2025-12-16",{"date":339,"score":246,"percentile":292},"2025-12-17",{"date":341,"score":246,"percentile":292},"2025-12-18",{"date":343,"score":246,"percentile":292},"2025-12-19",{"date":345,"score":246,"percentile":292},"2025-12-20",{"date":347,"score":246,"percentile":247},"2025-12-21",{"date":349,"score":246,"percentile":247},"2025-12-22",{"date":351,"score":246,"percentile":247},"2025-12-23",{"date":353,"score":246,"percentile":292},"2025-12-24",{"date":355,"score":246,"percentile":247},"2025-12-25",{"date":357,"score":246,"percentile":247},"2025-12-26",{"date":359,"score":360,"percentile":361},"2025-12-27",0.939,0.99865,{"date":363,"score":246,"percentile":247},"2025-12-28",{"date":365,"score":246,"percentile":247},"2025-12-29",{"date":367,"score":246,"percentile":292},"2025-12-30",{"date":369,"score":246,"percentile":292},"2025-12-31",{"date":371,"score":246,"percentile":271},"2026-01-01",{"date":373,"score":246,"percentile":271},"2026-01-02",{"date":375,"score":246,"percentile":271},"2026-01-03",{"date":377,"score":246,"percentile":292},"2026-01-04",{"date":379,"score":246,"percentile":292},"2026-01-05",{"date":381,"score":246,"percentile":292},"2026-01-06",{"date":383,"score":246,"percentile":292},"2026-01-07",{"date":385,"score":246,"percentile":247},"2026-01-08",{"date":387,"score":246,"percentile":247},"2026-01-09",{"date":389,"score":246,"percentile":250},"2026-01-10",{"date":391,"score":246,"percentile":250},"2026-01-11",{"date":393,"score":246,"percentile":250},"2026-01-12",{"date":395,"score":246,"percentile":250},"2026-01-13",{"date":397,"score":246,"percentile":250},"2026-01-14",{"date":399,"score":246,"percentile":250},"2026-01-15",{"date":401,"score":246,"percentile":250},"2026-01-16",{"date":403,"score":246,"percentile":250},"2026-01-17",{"date":405,"score":246,"percentile":250},"2026-01-18",{"date":407,"score":246,"percentile":250},"2026-01-19",{"date":409,"score":246,"percentile":250},"2026-01-20",{"date":411,"score":246,"percentile":250},"2026-01-21",{"date":413,"score":246,"percentile":250},"2026-01-22",{"date":415,"score":246,"percentile":250},"2026-01-23",{"date":417,"score":246,"percentile":271},"2026-01-24",{"date":419,"score":246,"percentile":271},"2026-01-25",{"date":421,"score":246,"percentile":271},"2026-01-26",{"date":423,"score":246,"percentile":424},"2026-01-27",0.99877,{"date":426,"score":246,"percentile":424},"2026-01-28",{"date":428,"score":246,"percentile":424},"2026-01-29",{"date":430,"score":246,"percentile":424},"2026-01-30",{"date":432,"score":246,"percentile":424},"2026-01-31",{"date":434,"score":246,"percentile":435},"2026-02-01",0.9988,[437],{"source":145,"cvss_v2_0":438,"cvss_v3_0":9,"cvss_v3_1":441,"cvss_v4_0":9},{"baseScore":143,"baseSeverity":9,"vectorString":146,"impactScore":439,"exploitabilityScore":440},10,6.8,{"baseScore":442,"baseSeverity":443,"vectorString":444,"impactScore":445,"exploitabilityScore":446},7.5,"HIGH","CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.1,[448,461,470,490],{"ecosystem":9,"name":449,"vendor":450,"product":451,"cpe_part":452,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":453},"ubuntu linux","canonical","ubuntu_linux","o",[454,457,459],{"version":455,"is_range":47,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04","cpe",{"version":458,"is_range":47,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":460,"is_range":47,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"ecosystem":9,"name":462,"vendor":463,"product":464,"cpe_part":452,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"debian linux","debian","debian_linux",[466,468],{"version":467,"is_range":47,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":469,"is_range":47,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":471,"vendor":9,"product":471,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"PHP",[473,478,482,486],{"version":474,"is_range":78,"range_type":456,"version_start":475,"version_start_type":476,"version_end":477,"version_end_type":476,"fixed_in":9},"gte5.6.0_lte5.6.38","5.6.0","including","5.6.38",{"version":479,"is_range":78,"range_type":456,"version_start":480,"version_start_type":476,"version_end":481,"version_end_type":476,"fixed_in":9},"gte7.0.0_lte7.0.32","7.0.0","7.0.32",{"version":483,"is_range":78,"range_type":456,"version_start":484,"version_start_type":476,"version_end":485,"version_end_type":476,"fixed_in":9},"gte7.1.0_lte7.1.24","7.1.0","7.1.24",{"version":487,"is_range":78,"range_type":456,"version_start":488,"version_start_type":476,"version_end":489,"version_end_type":476,"fixed_in":9},"gte7.2.0_lte7.2.12","7.2.0","7.2.12",{"ecosystem":9,"name":491,"vendor":492,"product":491,"cpe_part":493,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":494},"uw-imap","uw-imap_project","a",[495],{"version":496,"is_range":47,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2007f"]