PHPRunner Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in PHPRunner version 10.1. It allows a local attacker to crash the application by entering an excessively long string (10,000 characters) in the dashboard name field while creating a dashboard. The crash is the result of a buffer overflow triggered by the overlong input.

Impact

Exploiting this vulnerability leads to a crash of the PHPRunner application, causing a denial-of-service condition where the application becomes unresponsive or unavailable.

Reproduction

To reproduce this vulnerability, create a dashboard in PHPRunner 10.1. During the dashboard creation process, paste a 10,000-character string into the 'Name' field. After clicking 'Ok', the application will crash.

Added: Mar 22, 2026, 2:36 PM
Updated: Mar 22, 2026, 2:36 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 4.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.