PHP 7.0.x < 7.0.16 / 7.1.x < 7.1.2 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 700086


The remote web server uses a version of PHP that is affected by multiple attack vectors.


Versions of PHP 7.0.x prior to 7.0.16 and 7.1.x prior to 7.1.2 are affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in the PHP-Win client due to a DEP violation. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (OSVDB 156486)
- A denial of service vulnerability exists in 'mysqli.c' due to a memory leak. An unauthenticated, remote attacker can exploit this to crash the application. (OSVDB 156623)


Upgrade to PHP version 7.1.2. If 7.1.x cannot be obtained, 7.0.16 has also been patched for these vulnerabilities.

Plugin Details

Severity: Critical

ID: 700086

File Name: 700086.prm

Family: Web Servers

Published: 2017/05/05

Modified: 2017/05/05

Dependencies: 9243

Nessus ID: 97353, 97354

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 9.8

Temporal Score: 9.3


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2017/02/16

Vulnerability Publication Date: 2017/01/07

Reference Information

BID: 96300, 96303

OSVDB: 156486, 156623