Multiple PHP vulnerabilities fixed

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a security advisory that addresses multiple PHP vulnerabilities. 

The Hypertext Preprocessor (PHP) vulnerabilities are rated High severity and could allow an attacker to execute arbitrary code  in the context of the affected application.  

Systems impacted include PHP 7.2 prior to 7.2.11 and PHP 7.1 prior to 7.1.23.

“Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition,” MS-ISAC warned in the advisory

System administrators should upgrade PHP installations as soon as possible. 

Leave a Comment

Your email address will not be published.