PHP Developers Share Update on Recent Breach

2021-04-08 12:09

The developers of the PHP scripting language have shared an update on the recently disclosed breach in which attackers planted malicious code.

Php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code.

PHP developers said the backdoor was discovered before it was pushed out to users via an update.

In an update shared this week, Nikita Popov, an important PHP contributor, said they no longer believe the git.

Php.net had allowed developers to push changes - in addition to SSH via Gitolite infrastructure and public key cryptography - using HTTPS and password-based authentication.

The attacker apparently leveraged this HTTPS channel to push the malicious PHP commits.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/Av9wnkfMumc/php-developers-share-update-recent-breach

#breach #developer #PHP

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
PHP		21	25	310	220	84	639