CIS Logo
tagline: Confidence in the Connected World

PHP Update Fixes Arbitrary Code Execution Flaw, 9 Other Bugs

September 30, 2019

SC Magazine

The Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) on Friday issued a security advisory urging developers to upgrade to the latest version of PHP in order to patch an arbitrary code execution vulnerability that was found in the programming language.

"Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition."