PHP Vulnerabilities in 2019

Vulnerabilities in PHP are normally the result of mistakes developers make when writing the original code. As an application is used over and over again, developers have to learn from those mistakes in order to improve the security of the website or application.

From a developer's point of view, PHP development is an evolutionary process, so it is important to keep up to date with PHP security alerts and with any other attacks related to websites.

Several PHP vulnerabilities were disclosed in 2019. One of them is CVE-2019-9639. This vulnerability is in the EXIF component of PHP versions before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.

Even though this vulnerability was discovered around March this year, many systems and applications are still running PHP versions older than 7.1.27.

Another PHP vulnerability is CVE-2019-9638. It involves an uninitialized read in exif_process_IFD_in_MAKERNOTE. As a result, an attacker can gain access to the vulnerable PHP website because the maker_note->offset relationship to value_len is mishandled.

You can see the list of other PHP-related vulnerabilities over here.

The recommendation for these vulnerabilities is that system administrators upgrade to the latest version if possible. If not, they need to upgrade at least to PHP 7.1.27.
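One way to triage a server inventory against the fixed releases named above, as an added example that is not code from the original article. The host names and version banners are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed releases taken from the article text:
# "before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3".
OLDEST_FIXED = (7, 1, 27)  # anything older than this is affected
FIXED_BY_BRANCH = {(7, 2): (7, 2, 16), (7, 3): (7, 3, 3)}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text):
    """Extract (major, minor, patch) from a banner such as
    'PHP 7.2.15-0ubuntu0.18.04.1 (cli)'. Returns None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def exif_fix_status(text):
    """Return 'affected', 'fixed' or 'unknown' for one version banner.

    Only the upstream version number is compared. A distribution package
    may carry a backported fix under an older number, so confirm an
    'affected' result against the vendor advisory.
    """
    version = parse_php_version(text)
    if version is None:
        return "unknown"
    if version < OLDEST_FIXED:
        return "affected"
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is not None and version < fixed:
        return "affected"
    return "fixed"


def triage(inventory):
    """Return (host, status) pairs with affected hosts listed first."""
    order = {"affected": 0, "unknown": 1, "fixed": 2}
    rows = [(host, exif_fix_status(v)) for host, v in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "web-01": "PHP 7.1.26 (cli)",
    "web-02": "PHP 7.2.16 (cli)",
    "web-03": "PHP 7.3.2 (fpm-fcgi)",
    "web-04": "PHP 5.6.40 (cli)",
    "web-05": "PHP 7.1.27 (cli)",
    "web-06": "version not reported",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}\t{status}\t{SAMPLE_INVENTORY[host]}")
```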

Author: Wan Ariff

He brings with him more than 2 years of working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion lies in IT Security.
