Vulnerability in PHP 7.3 Could Allow for Arbitrary Code Execution

On This Page

Recent Stories

March 24, 2020

Windows Zero-Day Exploit: Type 1 Font Parsing Remote Code Execution Vulnerability

March 13, 2020

Patch IMMEDIATELY – Microsoft SMBv3 Compression - Wormable RCE Vulnerability - CVE-2020-0796

January 14, 2020

Patch IMMEDIATELY! - Microsoft Remote Desktop Gateway Remote Code Execution Vulnerability (CVE-2020-0610)
News Archive
September 27, 2019
John Ives

Summary

A vulnerability has been discovered in PHP 7.3 (the latest release series) that could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.  [1]

Impact

  • Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Vulnerable

  •  PHP versions 7.3 prior to 7.3.10  [2]

Recommendations

  •  If you are using PHP 7.3, upgrade to the latest version of PHP immediately, after appropriate testing.
  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply the principle of Least Privilege to all systems and services.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

References