The impact of a serious PHP vulnerability on websites

The discovery of a serious vulnerability in PHP language affects websites

Most websites rely on PHP, which forms the basis for common content management systems, such as WordPress and Drupal, as well as more sophisticated web applications, such as Facebook.

Indeed, a Russian-based security researcher named Emil Neex Lerner two days ago uncovered a vulnerability that  allow attackers to carry out remote attacks in PHP 7, the latest version of the most popular web programming language.

The vulnerability allows remote attacks to be carried out once an artificial URL is reached. All the attacker needs to execute their attack is "? A =" to the web addresses, then their payload.

Such an attack is believed to significantly reduce the barrier to penetrating a website and simplify it to the extent that it can be abused even by people without technical skill.

PHP update
Fortunately, the vulnerability only affects servers running the NGINX web server with PHP-FPM extension. PHP-FPM is a customized version of FastCGI, with some additional features designed for high-traffic sites.

After reporting the vulnerability, the PHP language development team issued security advice to those using the vulnerability urging them to update PHP to the latest version.

BadPackets confirmed to ZDNet that there were signs that attackers were taking advantage of a serious vulnerability in PHP7.

PHP , Hacking , vulnerability , NGINX , PHP-FPM

Post a Comment



  2. good job