CIS Center for Internet Security Urge PHP customer aware of Multiple Vulnerabilities in PHP. Because it could allow for Arbitrary Code Execution. Sep 2019

Preface: Network security experts may hesitate to answer a question. What is it? Which programming language is easy to write. But there are no loopholes.

CIS Center for Internet security announcement: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

For more information, please refer URL – https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2019-087/

Our Observation: One of the component to Jeopardize your PHP website is the “arbitrary-php-extension”. An experimental has been proofed. After loading custom made PHP extension, each request will be able to execute a piece of your own PHP code. If you need to customize the request argument arbitrary_php to something else, you can modify the value of REQUEST_NAME in (arbitraryphp/extinitial/pre_request.h). Parameter can be find on attached picture.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.