The US Center for Internet Security (CIS) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.
Affected versions:
- PHP 7.2 prior to 7.2.5
- PHP 7.1 prior to 7.1.17
- PHP 7.0 prior to 7.0.30
- PHP 5.0 prior to 5.6.36
Risk ratings:
- Government entities: HIGH
- Business entities: HIGH
- Home Users: LOW
CERT Bulgaria recommends that users and administrators review CIS Advisory 2018-046 and the PHP Downloads page and:
- Upgrade to the latest version of PHP immediately, after appropriate testing.
- Verify that no unauthorized system modifications have occurred on the system before applying the patch.
- Apply the principle of Least Privilege to all systems and services.
- Remind users not to visit websites or follow links provided by unknown or untrusted sources.
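
To help prioritise the upgrade, the version thresholds listed above can be checked against an inventory of PHP banners. The script below is an added example, not part of the CIS or CERT Bulgaria advisory; the function names, hostnames and sample banners are constructed, and it assumes any 5.x release below 5.6.36 counts as affected.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(7, 2): (7, 2, 5), (7, 1): (7, 1, 17), (7, 0): (7, 0, 30)}
FIXED_5X = (5, 6, 36)  # assumption: any 5.x below 5.6.36 counts as affected

# Matches "PHP 7.2.4 (cli)" and "X-Powered-By: PHP/5.6.35"; the optional
# group catches pre-release tags such as 7.2.5RC1 or 7.2.5-dev.
VERSION_RE = re.compile(r"\bPHP[ /](\d+)\.(\d+)\.(\d+)(-?(?:dev|alpha|beta|RC)\d*)?")


def parse_version(banner):
    """Return (major, minor, patch, is_release) or None if no PHP version found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups()[:3])
    return (major, minor, patch, 0 if m.group(4) else 1)


def classify(banner):
    """Classify one banner as affected, fixed, not-listed or unknown.

    Only upstream version numbers are compared. Distribution packages that
    backport fixes keep an older number, so confirm those with the vendor.
    """
    v = parse_version(banner)
    if v is None:
        return "unknown"
    fixed = FIXED_5X if v[0] == 5 else FIXED.get(v[:2])
    if fixed is None:
        return "not-listed"  # branch the advisory does not mention
    # A pre-release of the fixed version sorts before the release itself.
    return "affected" if v < fixed + (1,) else "fixed"


def triage(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {"web-01": "PHP 7.2.4 (cli) (built: Mar 29 2018 10:00:00) ( NTS )",
          "web-02": "PHP 7.1.17 (cli)", "legacy-01": "X-Powered-By: PHP/5.6.35",
          "stage-01": "PHP 7.2.5RC1 (cli)", "proxy-01": "Server: nginx/1.14.0"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {status}")
```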