Code Execution Flaws in PHP


Multiple vulnerabilities patched in the latest update.

The PHP community has released updates to PHP in order to patch multiple vulnerabilities in one of the most popular programming languages.

According to the Hacker News, “The vulnerabilities could leave hundreds of thousands of web applications that rely on PHP open to code execution attacks, including websites powered by some popular content management systems such as WordPress, Drupal, and Typo3.”

Out of all these vulnerabilities, the most critical one was found in the Oniguruma library that comes bundled with PHP. 

Red Hat released an advisory stating that the vulnerability “allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing crafted regular expressions.”

If your projects use PHP, please update immediately.


Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.