Sign In

Предупреждения


Multiple Vulnerabilities in PHP


The US's Center of Internet security (CIS)  has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.

Affected versions:

  • PHP 7.2 prior to 7.2.5
  • PHP 7.1 prior to 7.1.17
  • PHP 7.0 prior to 7.0.30
  • PHP 5.0 prior to 5.6.36

Risk:

  • Government entities: HIGH
  • Businesses entities: HIGH
  • Home Users: LOW

CERT Bulgaria recommends users and administrators to review CIS Advisory  2018-046 and the PHP Downloads page and:

  • Upgrade to the latest version of PHP immediately, after appropriate testing.
  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply the principle of Least Privilege to all systems and services.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-046/

http://us3.php.net/downloads.php


30/04/2018

NEW VIRUSES RSS
VULNERABILITIES RSS