QID 38851

Date Published: 2021-10-04

QID 38851: Hypertext Preprocessor (PHP) Security Update

PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML.

PHP is affected by multiple vulnerabilities.

Affected Versions:
PHP versions prior to 7.4.24
PHP versions 7.3.x prior to 7.3.31
PHP versions 8.0.x prior to 8.0.11
QID Detection Logic
The qid checks the php version via banner.

Successful exploitation of this vulnerability may allow an attacker to impact Confidentiality and Integrity.

  • CVSS V3 rated as High - 6.5 severity.
  • CVSS V2 rated as Medium - 4.3 severity.
  • Solution
    Customers are advised to upgrade to the latest version of PHP.
    Vendor References

    CVEs related to QID 38851

    Software Advisories
    Advisory ID Software Component Link
    PHP Changelog Version 7.3.31 URL Logo www.php.net/ChangeLog-7.php#PHP_7_3
    PHP Changelog Version 7.4.24 URL Logo www.php.net/ChangeLog-7.php#PHP_7_4
    PHP Changelog Version 8.0.11 URL Logo www.php.net/ChangeLog-8.php