Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. 
Depending on the privileges associated with the application, an attacker
could install programs; view, change, or delete data; or create new accounts
with full user rights. Failed exploitation could result in a denial-of-service
- PHP 7.2 prior to 7.2.3
- PHP 7.0 prior to 7.0.28
- PHP 5.0 prior to 5.6.34
- Upgrade to the latest version of PHP immediately, after appropriate testing.
- Verify no unauthorized system modifications have occurred on system before applying patch.
- Apply the principle of Least Privilege to all systems and services.
- Remind users not to visit websites or follow links provided by unknown or untrusted sources.