The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities today (refer below url):
Perhaps PHP program version will make you frustrated. Why? The vulnerabilities addressed by MS-ISAC only for Version 7.2.11 & Version 7.1.23. However there is another fix coming soon (see below):
PHP 7.1.24
Core:
Fixed bug #76946 (Cyclic reference in generator not detected)
Date: unknown
Fixed bug #75851 (Year component overflow with date formats “c”, “o”, “r” and “y”). (Adam Saponara)
FCGI:
Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
(Anatol)
Fixed bug #76954 (apache_response_headers removes last character from header
name). (stodorovic)
FTP:
. Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
(Manuel Mausz)
intl:
. Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)
Standard:
. Fixed bug #76965 (INI_SCANNER_RAW doesn’t strip trailing whitespace).
(Pierrick)
XML:
. Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).
Should you have interested, please review above diagram. PHP look likes a game.