PHP 5.6.x < 5.6.39 Arbitrary Command Injection Vulnerability
High Nessus Plugin ID 119764
Synopsis
An application installed on the remote host is affected by
an arbitrary command injection vulnerability.
Description
According to its banner, the version of PHP running on the remote web
server is 5.6.x prior to 5.6.39. It is, therefore, affected by
an arbitrary command injection vulnerability via the IMAP_open
mailbox parameter.
Solution
Upgrade to PHP version 5.6.39 or later.