
PHP 7.0.x < 7.0.16 / 7.1.x < 7.1.2 Multiple Vulnerabilities

Critical

Synopsis

The remote web server uses a version of PHP that is affected by multiple attack vectors.

Description

Versions of PHP 7.0.x prior to 7.0.16 and 7.1.x prior to 7.1.2 are affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in the PHP-Win client due to a DEP violation. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (OSVDB 156486)
- A denial of service vulnerability exists in 'mysqli.c' due to a memory leak. An unauthenticated, remote attacker can exploit this to crash the application. (OSVDB 156623)

Solution

Upgrade to PHP version 7.1.2. If 7.1.x cannot be obtained, 7.0.16 has also been patched for these vulnerabilities.
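
For triaging your own hosts against the ranges above, the following added example (not part of the original advisory or of any scanner's code) checks a PHP version banner against the two fixed releases. The function names and the sample banners are assumptions constructed for illustration.

```python
import re

# Fixed patch level per affected branch, taken from the advisory:
# 7.0.x is fixed in 7.0.16, 7.1.x is fixed in 7.1.2.
FIXED = {(7, 0): 16, (7, 1): 2}

# Matches "PHP/7.0.15", "PHP 7.1.2RC1 (cli)", "PHP/7.0.16-dev", and so on.
# Requiring the "PHP" prefix avoids picking up the Apache version in a
# combined Server header.
_VERSION_RE = re.compile(
    r"PHP[/ ](\d+)\.(\d+)\.(\d+)((?:alpha|beta|RC|-dev)\w*)?", re.IGNORECASE
)


def parse_php_version(banner):
    """Return (major, minor, patch, is_prerelease) or None if no PHP version."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, bool(m.group(4))


def is_affected(banner):
    """True/False for a parsed version, None when the banner has no version."""
    parsed = parse_php_version(banner)
    if parsed is None:
        return None
    major, minor, patch, prerelease = parsed
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return False  # branch is not covered by this advisory
    if patch < fixed_patch:
        return True
    # A pre-release of the fixed version (e.g. 7.1.2RC1) predates the release.
    return patch == fixed_patch and prerelease


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "X-Powered-By: PHP/7.0.15",
        "Server: Apache/2.4.25 (Unix) PHP/7.1.1",
        "PHP 7.1.2RC1 (cli)",
        "X-Powered-By: PHP/7.0.16",
        "Server: nginx",
    ]
    for s in samples:
        print(f"{s!r}: affected={is_affected(s)}")
```

A banner only reports the upstream version string: distribution packages can carry backported fixes under an older version number, so confirm a positive result against the package changelog before treating it as final.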