CVE-2019-25592

MEDIUM 6.2

PHPRunner 10.1 Denial of Service via Dashboard Name Field

CVSS Score

6.2

EPSS Score

0.0%

EPSS Percentile

2th

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.

CWE	CWE-1260
Vendor	xlinesoft
Product	phprunner
Published	Mar 22, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for xlinesoft phprunner

Be the first to know when new medium vulnerabilities affecting xlinesoft phprunner are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Xlinesoft / PHPRunner

10.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46824 xlinesoft.com: https://xlinesoft.com/ xlinesoft.com: https://xlinesoft.com/phprunner/download.htm vulncheck.com: https://www.vulncheck.com/advisories/phprunner-denial-of-service-via-dashboard-name-field

Credits

Victor Mondragón