### [CVE-2015-10141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-10141)
![](https://img.shields.io/static/v1?label=Product&message=Xdebug&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brightgreen)

### Description

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user.

### POC

#### Reference
- https://www.exploit-db.com/exploits/44568
- https://www.vulncheck.com/advisories/xdebug-remote-debugger-unauth-os-command-execution

#### Github
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/D3Ext/CVE-2015-10141
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/n0m4d22/PoC-CVE-2015-10141-Xdebug