Critical PHP vulnerability alert – 27th Feb 2019! CVE-2019-9025 CVE-2019-9023

Preface: As of December 2017, PHP makes up over 83% of server-side languages used on the internet. Today PHP still appears to be going strong because of its large number of users, applications and legacy applications.

Vulnerability Details:

CVE-2019-9025: PHP mb_split() Function Invalid Multibyte String Vulnerability

Impact: A successful exploit could cause buffer over-read and over-write conditions.

Remedy: update the software to PHP 7.3.1 – http://php.net/downloads.php

CVE-2019-9023: PHP mbstring Regular Expression Functions Heap-Based Buffer Over-Read Vulnerability

Impact: A successful exploit could cause a heap-based buffer over-read condition.

Remedy: update the software to PHP 7.1.26, 7.2.14 or 7.3.1, available at the following link – http://php.net/downloads.php
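To check a fleet against the fixed releases listed above, the following added example (not part of the original advisory) classifies reported PHP version strings per CVE. The hostnames and sample versions are constructed, and branches for which the advisory names no fixed release are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases exactly as listed in the advisory above, keyed by CVE.
FIXED = {
    "CVE-2019-9025": ["7.3.1"],
    "CVE-2019-9023": ["7.1.26", "7.2.14", "7.3.1"],
}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '7.2.10-0ubuntu0.18.04.1'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised PHP version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def status(cve, version_text):
    """Classify one version against one CVE: 'fixed', 'update' or 'unlisted'."""
    version = parse_version(version_text)
    for fixed_text in FIXED[cve]:
        fixed = parse_version(fixed_text)
        if version[:2] == fixed[:2]:          # same release branch, e.g. 7.2.x
            return "fixed" if version >= fixed else "update"
    # The advisory names no fixed release for this branch; do not guess.
    return "unlisted"


def audit(inventory):
    """Map host -> {cve: status} for a dict of host -> reported PHP version."""
    return {
        host: {cve: status(cve, ver) for cve in FIXED}
        for host, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative).
    sample = {
        "web-01": "7.3.0",
        "web-02": "7.2.14",
        "web-03": "7.1.25-1+deb.example",
        "web-04": "7.3.1",
    }
    for host, result in audit(sample).items():
        print(host, result)
```

Distribution packages often backport security fixes without changing the upstream version number, so an "update" result for a distro-suffixed version should be confirmed against the distribution's own security tracker.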