![](https://img.photobucket.com/albums/v704/chanpicco/chanpicco001/PHP-vul-urge-arbitrary-php-extension-v2_zpsmyrvk4vg.jpg)
Preface: Network security experts may hesitate to answer a question. What is it? Which programming language is easy to write. But there are no loopholes.
CIS Center for Internet security announcement: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
For more information, please refer URL – https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2019-087/
Our Observation: One of the component to Jeopardize your PHP website is the “arbitrary-php-extension”. An experimental has been proofed. After loading custom made PHP extension, each request will be able to execute a piece of your own PHP code. If you need to customize the request argument arbitrary_php to something else, you can modify the value of REQUEST_NAME in (arbitraryphp/extinitial/pre_request.h). Parameter can be find on attached picture.