Security Alert (A18-09-05): Multiple Vulnerabilities in PHP


 

Published on: 18 September 2018

Description:

Multiple vulnerabilities have been found in PHP. A remote attacker could exploit the vulnerabilities via specially crafted requests.

 

Affected Systems:

  • PHP 5.0 prior to 5.6.38
  • PHP 7.0 prior to 7.0.32
  • PHP 7.1 prior to 7.1.22
  • PHP 7.2 prior to 7.2.10

 

Impact:

A successful attack could lead to arbitrary code execution, privilege escalation, information disclosure, denial of service and take control of an affected system.

 

Recommendation:

The product vendor has released new versions to address the issues and they can be downloaded at the following URL:

http://php.net/downloads.php

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

http://www.php.net/ChangeLog-5.php#5.6.38
http://www.php.net/ChangeLog-7.php#7.0.32
http://www.php.net/ChangeLog-7.php#7.1.22
http://www.php.net/ChangeLog-7.php#7.2.10
https://www.hkcert.org/my_url/en/alert/18091701
https://www.us-cert.gov/ncas/current-activity/2018/09/14/MS-ISAC-Releases-Advisory-PHP-Vulnerabilities
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-101/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17082

 



Tag: PHP
Tags