Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.

Nasty bug with very simple exploit hits PHP just in time for the weekend With PoC code available and active Internet scans, speed is of the essence.

CVE-2019-11043 is trivial to exploit — and a proof of concept is available. A buffer underflow bug in PHP could allow remote code-execution (RCE) on targeted NGINX servers. First discovered ...

Severe security bug found in popular PHP library for creating PDF files Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.

PHP bug allowing site hijacking still menaces Internet 22 months on Hackers continue to dish exploits executing malicious code on unsecured sites.

As promised last year the initiative ‘Month of PHP bugs’ began on March 1st. Whereas previous efforts in the same vein — month of bugs for Mac, browsers and kernels — were new bugs, this ...

In this second excerpt from Advanced PHP Programming, George Schlossnagle offers advice on how to defend against both attacks and carelessness.