ZDNet

PHP Everywhere code execution bugs impact thousands of WordPress websites

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...
Bleeping Computer

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target ...
Bleeping Computer

Zend Framework disputes RCE vulnerability, issues patch

An untrusted deserialization vulnerability has been disclosed this week in how Zend Framework can be exploited by attackers to achieve remote code execution on vulnerable PHP sites. This vulnerability ...
The Hacker News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...
Computerworld

PHP 5.3.10 fixes critical remote code execution vulnerability

The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development ...