Attackers tried to insert backdoor into PHP source code

2021-03-29 11:20

The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers.

Php.net server," developer Nikita Popov explained in a message sent out through one of the project's mailing lists.

Had they succeeded, the attackers would have been able to use the backdoor to execute malicious PHP code on targeted servers.

The PHP development team is still investigating and reviewing the repositories for any corruption beyond those two commits but, in the meantime, they also decided to stop using their own git infrastructure and make the GitHub repositories canonical.

Php.net server has been compromised, but that it is possible that the master.

Some things about the incident are still unclear but, in the meantime, the PHP team has reset all php.net passwords and is asking users to set a new one for their account.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/y0_8WGJflWg/

#backdoor #PHP #sourcecode

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
PHP		21	25	309	220	84	638

News URL

Related news

Related vendor