Over a Dozen PHP Packages with 500 Million Compromised
May 05, 2023 | Ravie Lakshmanan | Programming / Software Security
PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message …
PHP
Introducing the new PHP client for Elasticsearch 8
The new PHP client for Elasticsearch 8 has been rewritten from scratch. Along with adopting the PSR standards, we’ve also redesigned the architecture and moved the HTTP transport layer outside. A pluggable system is also now available, thanks to the HTTPlug library. Read on to …
15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would …
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP-based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the …
Multiple Code Execution Flaws Found In PHP Programming Language
Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming …
WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.
GoDaddy Shutters 14,000 Subdomains Tied to ‘Snake Oil’ Scams
GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns.
Pay What You Want: Back-End Developer Course Bundle
Learn Python, Ruby & PHP w/ 8 Courses of 95+ Hours of Programming Bootcamp. Expires July 14, 2015 23:59 PST. Buy now and get 99% off …