Security News > 2021 > April > PHP Developers Share Update on Recent Breach

PHP Developers Share Update on Recent Breach
2021-04-08 12:09

The developers of the PHP scripting language have shared an update on the recently disclosed breach in which attackers planted malicious code.

Php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code.

PHP developers said the backdoor was discovered before it was pushed out to users via an update.

In an update shared this week, Nikita Popov, an important PHP contributor, said they no longer believe the git.

Php.net had allowed developers to push changes - in addition to SSH via Gitolite infrastructure and public key cryptography - using HTTPS and password-based authentication.

The attacker apparently leveraged this HTTPS channel to push the malicious PHP commits.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Av9wnkfMumc/php-developers-share-update-recent-breach

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
PHP 9 1 43 113 123 280