Security News > 2018 > August > New PHP Code Execution Attack Puts WordPress Sites at Risk
2018-08-17 09:33
Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of thousands of web applications open to remote code execution attacks, including websites powered by
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/uXfmSC2iTH8/php-deserialization-wordpress.html
Related news
- New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)