PHP 5.3.9 remote code execution

Description
  • This alert was generated using only banner information. It may be a false positive.

    The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables.

    Affected PHP version 5.3.9.
Remediation
  • Upgrade PHP to the latest version.
References