
PHP 5.6.0 'efree()' Function RCE

High

Synopsis

The remote web server uses an outdated version of PHP and is therefore exposed to a remote code execution vulnerability.

Description

PHP version 5.6.0 contains a flaw in the POST handler caused by an illegal use of efree() in the function add_post_var(). This can be leveraged to cause arbitrary code execution.

Solution

Apply the vendor's patch, or upgrade to the latest version. This issue is fixed in version 5.6.1.