Security News > 2021 > March > PHP's Git server hacked to add backdoors to PHP source code
In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with.
Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.
In an attempt to compromise the PHP code base, two malicious commits were pushed to the official PHP Git repository yesterday.
Taking a look at the added line 370 where zend eval string function is called, the code actually plants a backdoor for obtaining easy Remote Code Execution on a website running this hijacked version of PHP. "This line executes PHP code from within the useragent HTTP header, if the string starts with 'zerodium'," responded PHP developer Jake Birchall to Michael Voříšek, who had first pointed out the anomaly.
As a precaution following this incident, PHP maintainers have decided to migrate the official PHP source code repository to GitHub.
The PHP team has confirmed to BleepingComputer that they plan on eventually decommissioning their git server in the upcoming days and moving to GitHub permanently.