Four versions of PHP programming language updated to fix multiple bugs

News by Bradley Barth

The developer of the PHP (Hypertext Preprocessor) server-side scripting language has issued a series of updates that fix 40 vulnerabilities spread across four different versions -- the most serious of which was severe enough to allow an attacker to execute arbitrary code within the context of an affected application.

According to an advisory late last week from the Multi-State Information Sharing & Analysis Center (MS-ISAC), the most dangerous bug can be exploited to "view, change, or delete data; or create new accounts with full user rights," depending upon user privileges associated with the impacted application. Moreover, a failed exploitation attempt can result in a denial-of-service (DoS) condition.

The affected versions are PHP 7.2 prior to 7.2.5 (18 bugs), PHP 7.1 prior to 7.1.17 (14 bugs), PHP 7.0 prior to 7.0.30 (four bugs), and PHP 5.0 prior to 5.6.36 (four bugs).

The MS-ISAC warns that the risk to both government and business users is high, and advises that organisations immediately upgrade to the latest patched version of PHP, but only after conducting appropriate testing and verifying that no unauthorised system modifications previously occurred on the system.
