CNNVD-202507-3016 Information

CNNVD ID

CNNVD-202507-3016

CVE-2015-10141

  • CNNVD Published: 2025-07-23

Description

Xdebug is an open-source extension for debugging and profiling PHP code. Xdebug 2.5.5 and earlier versions contain a security vulnerability that stems from unauthenticated OS command injection and may lead to the execution of arbitrary PHP code.

Hazard Level

High

Vulnerability Type

Other

Published

2025-07-23

Last Modified

2026-02-24

References

  • https://paper.seebug.org/397/
  • http://web.archive.org/web/20231226215418/https://kirtixs.com/blog/2015/11/13/xpwn-exploiting-xdebug-enabled-servers/
  • https://www.exploit-db.com/exploits/44568
  • https://www.fortiguard.com/encyclopedia/ips/46000
  • https://www.vulncheck.com/advisories/xdebug-remote-debugger-unauth-os-command-execution
  • https://xdebug.org/

Patch

https://xdebug.org/
