A popular programming language contains multiple vulnerabilities, the worst of which could allow attackers to execute commands of their choice, according to a new advisory from the Multi-State Information Sharing and Analysis Center. The center said the vulnerabilities were a high risk to government organizations and businesses of all sizes. The vulnerabilities concern the Hypertext Preprocessor (PHP), an open-source script language for web development. “Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights,” warned the MS-ISAC, a threat-sharing center for state, local, tribal and territorial government agencies. The advisory urges users to upgrade to the newest PHP version immediately after testing, and to ensure that there haven’t been any unauthorized system changes before applying patches. Tom Kellermann, chief cybersecurity officer at cloud-security firm Carbon Black, said the PHP revelations were evidence of slack attention […]
The post State threat-sharing center warns of multiple PHP vulnerabilities appeared first on Cyberscoop.
Continue reading State threat-sharing center warns of multiple PHP vulnerabilities→