PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively …
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
https://cwe.mitre.org/data/definitions/1260.html →Open in CWE collection →An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
https://capec.mitre.org/data/definitions/456.html →Open in CAPEC collection →https://capec.mitre.org/data/definitions/679.html →Open in CAPEC collection →