The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a security advisory that addresses multiple PHP vulnerabilities.
The Hypertext Preprocessor (PHP) vulnerabilities are rated High severity and could allow an attacker to execute arbitrary code in the context of the affected application.
Systems impacted include PHP 7.2 prior to 7.2.11 and PHP 7.1 prior to 7.1.23.
“Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition,” MS-ISAC warned in the advisory.
System administrators should upgrade PHP installations as soon as possible.