PHP Archives - Securezoo

Cyberattacks on WordPress plugin Modern WPBakery Page Builder Addons

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / July 17, 2022 / AJAX, CVE-2021-24284, Kaswara, PHP, Wordfence, WPBakery

Researchers from Wordfence have spotted scans against 1.6 million WordPress sites looking for vulnerable Kaswara Modern WPBakery Page Builder Addons plugin.

NotLegit: 4-year old Microsoft Azure App Service 0-day vulnerability affects source code repositories

Application Security, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / December 29, 2021 / 0-day, App Service, Azure, GitHub, IIS, Local Git, Microsoft, Node, PHP, Python, Ruby, Windows

A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.

PHP user database leak allegedly led to PHP source code compromise

Application Security, Password Management, Vulnerabilities & Exploits / By Frank Crast / April 7, 2021 / Gilotine, PHP, Source Code

PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.

Drupal patches 2 Critical arbitrary PHP code execution vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 27, 2020 / Archive_Tar, CVE-2020-28948, CVE-2020-28949, Drupal, PHP

Drupal has released a security update that fixes two Critical arbitrary PHP code execution vulnerabilities (CVE-2020-28949 and CVE-2020-28948) in multiple versions of Drupal.

Drupal patches Critical RCE vulnerability (CVE-2020-13671)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 23, 2020 / CVE-2020-13671, Druplal, MIME, PHP, RCE

Drupal has released a security update that fixes a Critical RCE vulnerability CVE-2020-13671 in multiple versions of Drupal.

Critical File Manager plugin vulnerability affects 700k WordPress Websites

Application Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 7, 2020 / elFinder, File Manager, PHP, WordPress

Developers have updated the WordPress plugin File Manager to fix a critical vulnerability that could have allowed hackers to gain complete access to nearly 700 thousand WordPress websites.

Adobe patches Magento vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 1, 2020 / Adobe, CVE-2020-3719, Magento, PHP, SQLi, Vulnerabilities

Adobe has released security updates that fix multiple vulnerabilities in Magento Commerce and Open Source editions.

PHP 7 remote code execution vulnerability exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 27, 2019 / NGINX, PHP, PHP 7, PHP-FPM, RCE

A recently patched vulnerability in newer versions of the PHP programming language is being exploited in the wild. The remote code execution (RCE) bug could allow an attacker to take over NGINX servers.

WordPress 5.1.1 security update

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 14, 2019 / PHP, WordPress

WordPress 5.1.1 security and maintenance release is now available. The update released on Wednesday includes 14 fixes and enhancements.

Miori IoT botnet spreads through PHP framework RCE vulnerability

Internet of Things (IoT), Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 26, 2018 / 1Z1H9, APEP, botnet, CVE-2017-17215, Huawei, IOT, Miori, PHP, ThinkPHP, Vulnerabilities

Attackers are using a variant of the infamous Mirai IoT botnet dubbed “Miori” to exploit a Remote Code Execution (RCE) vulnerability in ThinkPHP, a free open-source PHP framework.