Code Execution Flaws in PHP

By

Multiple vulnerabilities patched in the latest update.

The PHP community has released updates to PHP in order to patch multiple vulnerabilities in one of the most popular programming languages.

According to the Hacker News, “The vulnerabilities could leave hundreds of thousands of web applications that rely on PHP open to code execution attacks, including websites powered by some popular content management systems such as WordPress, Drupal, and Typo3.”

Out of all these vulnerabilities, the most critical one was found in the Oniguruma library that comes bundled with PHP. 

Red Hat released an advisory stating that the vulnerability “allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing crafted regular expressions.”

If your projects use PHP, please update immediately.

09/10/2019
comments powered by Disqus