Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
by CIRT Team
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.
The following versions are affected:
- PHP 5.6 prior to 5.6.31
- PHP 7.0 prior to 7.0.21
- PHP 7.1 prior to 7.1.7
Impact: Successfully exploiting the most severe of these vulnerabilities could allow for remote attackers to execute arbitrary code in the context of the affected application. Failed exploitation could result in a denial-of-service condition.
Mitigation: Upgrade to the latest version of PHP immediately, after appropriate testing.
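A version check against the affected ranges listed above, as an added example that is not part of the original advisory. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PHP version string against this advisory.
# Fixed releases per the advisory: 5.6.31, 7.0.21, 7.1.7.
# Caveat: distribution packages may backport fixes without changing the
# upstream version number, so for a suffixed version (e.g. "-1ubuntu1")
# treat "affected" as a prompt to check the vendor changelog.

php_advisory_status() {
    # Drop any packaging or pre-release suffix after the numeric version.
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    IFS=. read -r major minor patch rest <<EOF
$ver
EOF
    # Require all three numeric components (major.minor.patch).
    if [ -z "$major" ] || [ -z "$minor" ] || [ -z "$patch" ]; then
        echo "unknown"
        return 0
    fi
    # Map each branch named in the advisory to its first fixed patch level.
    case "$major.$minor" in
        5.6) fixed=31 ;;
        7.0) fixed=21 ;;
        7.1) fixed=7 ;;
        *)   echo "not-listed"; return 0 ;;  # branch not covered here
    esac
    if [ "$patch" -lt "$fixed" ]; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# Check the interpreter on this host, if one is on PATH.
local_php_status() {
    command -v php >/dev/null 2>&1 || { echo "php-not-found"; return 0; }
    php_advisory_status "$(php -r 'echo PHP_VERSION;')"
}

# Constructed sample versions, not taken from any real inventory.
for v in 5.6.30 7.0.21 7.1.6-0ubuntu0.17.04.1 7.2.0; do
    printf '%-26s %s\n' "$v" "$(php_advisory_status "$v")"
done
printf '%-26s %s\n' "local php" "$(local_php_status)"
```

A result of "not-listed" means only that the branch is outside the ranges this advisory names, not that the installation is free of other issues.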
Reference URLs:
- http://php.net/ChangeLog-5.php#5.6.31
- http://php.net/ChangeLog-7.php#7.0.21
- http://php.net/ChangeLog-7.php#7.1.7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9227
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9229