Back in October 2013, a public exploit for the PHP server-side framework was disclosed, using a command injection vulnerability found in May 2012 and categorized as CVE-2012-1823. Now, it appears that cybercriminals are still using it, despite the vulnerability being somewhat dated, because a major part of the install base of PHP does not get updated on a regular basis. It’s an easily solvable security hole that’s led to increasing levels of botnet attacks on big swaths of the public internet.


https://www.infosecurity-magazine.com/news/old-vulnerability-at-the-heart-of-escalating-php/
Back in October 2013, a public exploit for the PHP server-side framework was disclosed, using a command injection vulnerability found in May 2012 and categorized as CVE-2012-1823. Now, it appears that cybercriminals are still using it, despite the vulnerability being somewhat dated, because a major part of the install base of PHP does not get updated on a regular basis. It’s an easily solvable security hole that’s led to increasing levels of botnet attacks on big swaths of the public internet.
Thu, 20 Mar 2014 16:59:00 GMT
https://www.infosecurity-magazine.com/news/old-vulnerability-at-the-heart-of-escalating-php/

Source: InfosecMagazine
Source Link: https://www.infosecurity-magazine.com/news/old-vulnerability-at-the-heart-of-escalating-php/