According to Security Online , two new vulnerabilities in PHP were discovered and assigned the identifiers CVE-2023-3823 and CVE-2023-3824. The CVE-2023-3823 bug has a CVSS score of 8.6 and is an information disclosure vulnerability, allowing remote attackers to obtain sensitive information from the PHP application.
This vulnerability is due to insufficient validation of user-supplied XML input. An attacker could exploit it by sending a specially crafted XML file to the application. The code would be parsed by the application and the attacker could gain access to sensitive information, such as the contents of files on the system or the results of external requests.
The danger is that any application, library, and server that parses or interacts with XML documents is vulnerable to this vulnerability.
As a popular programming language today, PHP's security flaws are serious.
Meanwhile, CVE-2023-3824 is a buffer overflow vulnerability with a CVSS score of 9.4, allowing remote attackers to execute arbitrary code on systems running PHP. The vulnerability is due to a function in PHP that does improper bounds checking. An attacker can exploit it by sending a specially crafted request to the application, thereby causing a buffer overflow and gaining control of the system to execute arbitrary code.
Because of this danger, users are advised to update their systems to PHP version 8.0.30 as soon as possible. Additionally, steps should be taken to protect PHP applications from attacks, such as validating all user input and using a web application firewall (WAF).
Source link
![[Photo] Fireworks light up the sky of Ho Chi Minh City 50 years after Liberation Day](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/4/30/8efd6e5cb4e147b4897305b65eb00c6f)
![[Photo] Feast your eyes on images of parades and marching groups seen from above](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/4/30/3525302266124e69819126aa93c41092)
Comment (0)