September 27, 2019
Summary
A vulnerability has been discovered in PHP 7.3 (the latest release series) that could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. [1]
Impact
- Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerable
-
PHP versions 7.3 prior to 7.3.10 [2]
Recommendations
- If you are using PHP 7.3, upgrade to the latest version of PHP immediately, after appropriate testing.
- Verify no unauthorized system modifications have occurred on system before applying patch.
- Apply the principle of Least Privilege to all systems and services.
- Remind users not to visit websites or follow links provided by unknown or untrusted sources.