PHP: Hypertext Preprocessor, or just PHP, is a popular server-side scripting language designed for web development and also for general-purpose Programming Language.
It was discovered that the programming language contained multiple vulnerabilities, which could allow hackers to remotely execute commands, according to an advisory from the Multi-State Information Sharing and Analysis Center (MS-ISAC).
The vulnerabilities were a high risk to anyone who uses it.
"Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights," warned the MS-ISAC.
Considering that the adoption of PHP is very wide, the vulnerabilities could pose huge problems to the overall web. The flaws were quickly patched by the developers of PHP.
They have issued a series of updates to fix 40 vulnerabilities that spread across four different versions. The most serious one was so severe since it allowed attackers to execute arbitrary code within the context of an affected application.
According to an advisory from the MS-ISAC, the most dangerous bug can be exploited to "view, change, or delete data; or create new accounts with full user rights," depending on user privileges associated with the impacted application.
The affected versions include PHP 7.2 prior to 7.2.5 (18 bugs), PHP 7.1 prior to 7.1.17 (14 bugs), PHP 7.0 prior to 7.0.30 (four bugs), and PHP 5.0 prior to 5.6.36 (four bugs).
The MS-ISAC advised that both governments, organizations and business to immediately upgrade their systems to include the patched version of PHP, but only after conducting appropriate testing to ensure that no unauthorized system modifications have previously occurred on the system.