PHP 5.3.9 remote code execution

Description
  • <div class="bb-coolbox"><span class="bb-dark">This alert was generated using only banner information. It may be a false positive. </span></div><br/>The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. <br/><br/><span class="bb-navy">Affected PHP version 5.3.9.</span><br/>
Remediation
  • Upgrade PHP to the latest version.
References