Invicti identified a Remote Code Evaluation (PHP) by capturing a DNS A request, which occurs when input data is run as code.
This is a highly critical issue and should be addressed as soon as possible.
- Why Framework Choice Matters in Web Application Security
- Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul’s Security Weekly Podcast
- End of Support for PHP 5 and PHP 7.0
- The Powerful Resource of PHP Stream Wrappers
- Sven Morgenroth Talks About PHP Type Juggling on Paul’s Security Weekly Podcast