A bug in one of PHP’s functions made it possible to bypass security measures meant to protect web applications against malicious user input, a security researcher...
Researchers found three critical remote code execution (RCE) vulnerabilities in the ‘PHP Everywhere’ plugin for WordPress, used by over 30,000 websites worldwide. PHP Everywhere is a...
Developers of the Symfony PHP framework have reversed a recent change that inadvertently turned off protection against cross-site request forgery (CSRF) attacks. Symfony is a popular PHP framework for web...
A hugely popular GDPR compliance plugin for WordPress contained an authenticated, persistent cross-site scripting (XSS) vulnerability related to the insecure use of PHP’s extract() function, according to security researchers. As...
Critical vulnerabilities in elFinder, the popular open source web file manager, can enable unauthenticated attackers to execute arbitrary PHP code on servers hosting elFinder’s back-end PHP connector. JavaScript-based...
Novel credit card skimming malware that easily evades client-side detection has been deployed against e-commerce sites running unsupported versions of Magento, security researchers have found. The campaign has...
The maintainers of PHP have released a post-mortem report after an unknown actor pushed backdoored code onto the scripting language’s official PHP Git repository. As previously reported by The...
An unknown actor compromised the official PHP Git repository last night (March 28), pushing backdoored code under the guise of a minor edit. The malicious attacker pushed two...
A severe unauthenticated SQL injection vulnerability has been patched by developers of the Evolution CMS. Evolution is a PHP-based, open source content management system (CMS) used to manage...