PHP Archives - Securezoo

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories

Application Security, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / December 29, 2021 December 29, 2021

A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.

Tags: 0-day, App Service, Azure, GitHub, IIS, Local Git, Microsoft, Node, PHP, Python, Ruby, Windows

PHP user database leak allegedly led to PHP source code compromise

Application Security, Password Management, Vulnerabilities & Exploits / By Frank Crast / April 7, 2021 April 7, 2021

PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.

Tags: Gilotine, PHP, Source Code

Drupal patches 2 Critical arbitrary PHP code execution vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 27, 2020 December 26, 2021

Drupal has released a security update that fixes two Critical arbitrary PHP code execution vulnerabilities (CVE-2020-28949 and CVE-2020-28948) in multiple versions of Drupal.

Tags: Archive_Tar, CVE-2020-28948, CVE-2020-28949, Drupal, PHP

Drupal patches Critical RCE vulnerability (CVE-2020-13671)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 23, 2020 November 23, 2020

Drupal has released a security update that fixes a Critical RCE vulnerability CVE-2020-13671 in multiple versions of Drupal.

Tags: CVE-2020-13671, Druplal, MIME, PHP, RCE

Critical File Manager plugin vulnerability affects 700k WordPress Websites

Application Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 7, 2020 September 7, 2020

Developers have updated the WordPress plugin File Manager to fix a critical vulnerability that could have allowed hackers to gain complete access to nearly 700 thousand WordPress websites.

Tags: elFinder, File Manager, PHP, WordPress

Adobe patches Magento vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 1, 2020 February 1, 2020

Adobe has released security updates that fix multiple vulnerabilities in Magento Commerce and Open Source editions.

Tags: Adobe, CVE-2020-3719, Magento, PHP, SQLi, Vulnerabilities

PHP 7 remote code execution vulnerability exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 27, 2019 October 27, 2019

A recently patched vulnerability in newer versions of the PHP programming language is being exploited in the wild. The remote code execution (RCE) bug could allow an attacker to take over NGINX servers.

Tags: NGINX, PHP, PHP 7, PHP-FPM, RCE

WordPress 5.1.1 security update

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 14, 2019 June 2, 2019

WordPress 5.1.1 security and maintenance release is now available. The update released on Wednesday includes 14 fixes and enhancements.

Tags: PHP, WordPress

Miori IoT botnet spreads through PHP framework RCE vulnerability

Internet of Things (IoT), Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 26, 2018 September 5, 2019

Attackers are using a variant of the infamous Mirai IoT botnet dubbed “Miori” to exploit a Remote Code Execution (RCE) vulnerability in ThinkPHP, a free open-source PHP framework.

Tags: 1Z1H9, APEP, botnet, CVE-2017-17215, Huawei, IOT, Miori, PHP, ThinkPHP, Vulnerabilities

Multiple PHP vulnerabilities fixed

Leave a Comment / Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 15, 2018 December 28, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a security advisory that addresses multiple PHP vulnerabilities.

Tags: MS-ISAC, PHP, Vulnerabilities