ubuntu · CVE-2015-10141

Quick triage

Priority: medium Published: 2025-07-23 14:15:00 UTC Updated: 2025-07-23 18:11:07 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-10141 medium priority: Ubuntu including 1 source packages (xdebug), 8 status rows across 8 suites (bionic, focal, jammy, noble, plucky, questing, upstream, xenial): needs-triage 7, ignored 1.

Description:

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user.

cvelogic Threat Intelligence