Vulnerability in PHP 7.3 Could Allow for Arbitrary Code Execution

On This Page

Recent Stories

June 18, 2020

Jun 18
Vulnerability in iOS Mail App

March 24, 2020

Mar 24
Windows Zero-Day Exploit: Type 1 Font Parsing Remote Code Execution Vulnerability

March 13, 2020

Mar 13
Patch IMMEDIATELY – Microsoft SMBv3 Compression - Wormable RCE Vulnerability - CVE-2020-0796
News Archive
September 27, 2019
John Ives

Summary

A vulnerability has been discovered in PHP 7.3 (the latest release series) that could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.  [1]

Impact

  • Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Vulnerable

  •  PHP versions 7.3 prior to 7.3.10  [2]

Recommendations

  •  If you are using PHP 7.3, upgrade to the latest version of PHP immediately, after appropriate testing.
  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply the principle of Least Privilege to all systems and services.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

References