PHP 5.6.0 'efree()' Function RCE
High Nessus Network Monitor Plugin ID 6666
SynopsisThe remote web server uses an outdated version of PHP and is therefore exposed to a remote code execution vulnerability.
DescriptionPHP version 5.6.0 contains an issue in the Post Handler due to an illegal use of efree() in function add_post_var(). This can be leveraged to cause arbitrary code execution.
SolutionApply the vendor's patch, or upgrade to the latest version. This issue is fixed in version 5.6.1.