Why we need to upgrade to the upcoming patches?
Hey Everyone, PHP: Hypertext Preprocessor is originally made for web developing in 1994. PHP is the most using server side scripting language by the web developers that fueled 78% of the world today . Patches to multiple high severity vulnerabilities were released by the maintainers of PHP.
The latest releases under several maintained branches include PHP version 7.3.9, 7.2.22 and 7.1.32, addressing multiple security vulnerabilities.
Depends on the usage of code base in a PHP application such as occurrence, type. If an attacker can do successful exploitation of the most severe vulnerabilities it could allow him to execute arbitrary code execution with some Associative Privileges. In case failed attempts will end the systems in Denial of Service (DOS)state.
Even websites Fueled by Content Management Systems (CMS) like WORD PRESS, DRUPAL & TYPO3 had also became as Victims and open to code execution attacks. These vulnerabilities could leave hundreds of thousands of Applications life at stake.
CHANGELOG Check here for the patches and updates from PHP
Out of these, a ‘use-after-free’ code execution vulnerability, assigned as CVE-2019-13224, resides in Oniguruma, a popular regular expression library that comes bundled with PHP, as well as many other programming languages. By inserting a specially crafted regular expression in an affected web application attacker can exploit by code execution & retrieve sensitive information.
“The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(),” Red Hat says in its security advisory describing the vulnerability.
Patched flaws cause some problems in curl extension, Exif function, opache feature and more, Fortunately so far there is no report of these vulnerabilities being exploited by the attackers in wild. So up gradation to the latest versions 7.3.9, 7.2.22, or 7.1.32 would be the best choice for the web developers to save themselves from the breaches said by the security team of PHP.
Have anything to Discuss?