Vulnerability in PHP 7.3 Could Allow for Arbitrary Code Execution

On This Page

Recent Stories

April 5, 2021

Apr 05
UC Email Security Incident Notice

March 31, 2021

Mar 31
IRS Warning of Impersonation Attacks Targeting Universities

February 11, 2021

Feb 11
Microsoft Patches for CVE-2021-24074 and CVE-2021-24094
News Archive
September 27, 2019
John Ives

Summary

A vulnerability has been discovered in PHP 7.3 (the latest release series) that could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.  [1]

Impact

  • Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Vulnerable

  •  PHP versions 7.3 prior to 7.3.10  [2]

Recommendations

  •  If you are using PHP 7.3, upgrade to the latest version of PHP immediately, after appropriate testing.
  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply the principle of Least Privilege to all systems and services.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

References