Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.

Below versions are affected:

  • PHP 5.6 prior to 5.6.31
  • PHP 7.0 prior to 7.0.21
  • PHP 7.1 prior to 7.1.7

Impact: Successfully exploiting the most severe of these vulnerabilities could allow for remote attackers to execute arbitrary code in the context of the affected application. Failed exploitation could result in a denial-of-service condition.

Mitigation: Upgrade to the latest version of PHP immediately, after appropriate testing.

Reference URL’s: