PHP Archives - Securezoo

Cyberattacks on WordPress plugin Modern WPBakery Page Builder Addons

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / July 17, 2022 July 17, 2022 /

Researchers from Wordfence have spotted scans against 1.6 million WordPress sites looking for vulnerable Kaswara Modern WPBakery Page Builder Addons plugin.

Tags: AJAX, CVE-2021-24284, Kaswara, PHP, Wordfence, WPBakery

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories

Application Security, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / December 29, 2021 December 29, 2021 /

A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.

Tags: 0-day, App Service, Azure, GitHub, IIS, Local Git, Microsoft, Node, PHP, Python, Ruby, Windows

PHP user database leak allegedly led to PHP source code compromise

Application Security, Password Management, Vulnerabilities & Exploits / By Frank Crast / April 7, 2021 April 7, 2021 /

PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.

Tags: Gilotine, PHP, Source Code

Drupal patches 2 Critical arbitrary PHP code execution vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 27, 2020 December 26, 2021 /

Drupal has released a security update that fixes two Critical arbitrary PHP code execution vulnerabilities (CVE-2020-28949 and CVE-2020-28948) in multiple versions of Drupal.

Tags: Archive_Tar, CVE-2020-28948, CVE-2020-28949, Drupal, PHP

Drupal patches Critical RCE vulnerability (CVE-2020-13671)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 23, 2020 November 23, 2020 /

Drupal has released a security update that fixes a Critical RCE vulnerability CVE-2020-13671 in multiple versions of Drupal.

Tags: CVE-2020-13671, Druplal, MIME, PHP, RCE

Critical File Manager plugin vulnerability affects 700k WordPress Websites

Application Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 7, 2020 September 7, 2020 /

Developers have updated the WordPress plugin File Manager to fix a critical vulnerability that could have allowed hackers to gain complete access to nearly 700 thousand WordPress websites.

Tags: elFinder, File Manager, PHP, WordPress

Adobe patches Magento vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 1, 2020 February 1, 2020 /

Adobe has released security updates that fix multiple vulnerabilities in Magento Commerce and Open Source editions.

Tags: Adobe, CVE-2020-3719, Magento, PHP, SQLi, Vulnerabilities

PHP 7 remote code execution vulnerability exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 27, 2019 October 27, 2019 /

A recently patched vulnerability in newer versions of the PHP programming language is being exploited in the wild. The remote code execution (RCE) bug could allow an attacker to take over NGINX servers.

Tags: NGINX, PHP, PHP 7, PHP-FPM, RCE

WordPress 5.1.1 security update

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 14, 2019 June 2, 2019 /

WordPress 5.1.1 security and maintenance release is now available. The update released on Wednesday includes 14 fixes and enhancements.

Tags: PHP, WordPress

Miori IoT botnet spreads through PHP framework RCE vulnerability

Internet of Things (IoT), Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 26, 2018 September 5, 2019 /

Attackers are using a variant of the infamous Mirai IoT botnet dubbed “Miori” to exploit a Remote Code Execution (RCE) vulnerability in ThinkPHP, a free open-source PHP framework.

Tags: 1Z1H9, APEP, botnet, CVE-2017-17215, Huawei, IOT, Miori, PHP, ThinkPHP, Vulnerabilities