Nasty PHP7 remote code execution bug exploited in the wild


A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets.

The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.

The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL.

Exploiting the bug is trivial, and public proof-of-concept exploit code has been published on GitHub earlier this week.

Read more…
Source: ZDNet