securityonline.info
2a05:d014:776:a63d:6339:2a28:fc90:eea
Public Scan
URL:
https://securityonline.info/critical-php-vulnerabilities-patched-update-immediately-to-mitigate-attacks/
Submission: On April 16 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
https://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>
https://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>
Text Content
CRITICAL PHP VULNERABILITIES PATCHED: UPDATE IMMEDIATELY TO MITIGATE ATTACKS
by do son · April 14, 2024

The PHP development team has released urgent security patches for multiple vulnerabilities affecting versions 8.1.28, 8.2.18, and 8.3.6. These vulnerabilities, ranging from critical command injection flaws to potential account compromises, require immediate attention from both users and developers who rely on PHP for websites and applications.

Key Vulnerabilities and Potential Impact

* CVE-2024-1874 (Critical): Improper command-line handling on Windows systems could allow attackers to inject arbitrary commands, potentially leading to full system takeovers if PHP applications execute batch (*.bat) or command (*.cmd) files.
* CVE-2024-2756 (Medium): An incomplete fix to a previous patch could allow attackers to set malicious cookies that PHP applications would misinterpret as secure, opening the door to hijacking user sessions or launching cross-site attacks.
* CVE-2024-3096 (Low): A rare but potentially severe flaw could allow attackers to bypass password authentication in systems using password_hash. This requires the highly unlikely scenario where a user’s password starts with a null byte.
* CVE-2024-2757 (High): Certain inputs to the mb_encode_mimeheader function could trigger infinite loops. This vulnerability has the potential to cause denial-of-service attacks by disrupting email processing.

Protect Yourself – What You Need to Do

1. Update Immediately: If you are running any of the affected PHP versions (8.1.28, 8.2.18, or 8.3.6), prioritize updating to the latest patched versions as soon as possible. Consult your hosting provider, distribution’s support channels, or the official PHP website for instructions.
2. Review Code and Practices (Developers): Take the opportunity to scrutinize any code that interacts with command-line arguments, batch files, cookies, or email processing:
   * Command-Line Safety: If you must execute command-line operations from PHP, exercise extreme caution, especially on Windows systems. Consider alternative approaches wherever possible.
   * Cookie Handling: Double-check your cookie handling procedures to ensure you’re correctly checking for __Host- and __Secure- prefixes.
   * Email Security: Carefully examine email processing functions to identify potential attack vectors where malformed input could exploit the mb_encode_mimeheader vulnerability.
3. Stay Informed: Subscribe to cybersecurity news sources or the PHP project’s security announcements to remain aware of emerging threats and patches.

The PHP patches serve as a stark reminder of the ever-evolving threat landscape. By maintaining up-to-date software, implementing secure coding practices, and maintaining vigilance, you can significantly reduce your risk of exploitation.

Tags: CVE-2024-1874, CVE-2024-2756, php, PHP vulnerability