PHP 7.0.x < 7.0.14 RCE
High Nessus Network Monitor Plugin ID 9842
SynopsisThe remote web server uses a version of PHP that is affected by a Remote Code Execution (RCE) attack vector.
DescriptionVersions of PHP 7.0.x prior to 7.0.14 are vulnerable to a use-after-free error in the 'unserialize()' function in 'ext/standard/var.c'. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.
SolutionUpgrade to PHP version 7.0.14 or later.