PHP has released security advisories to address multiple vulnerabilities in PHP. The detailed information about the vulnerabilities can be found at:
https://www.php.net/ChangeLog-8.php
Reports indicate that the remote code execution vulnerability (CVE-2024-4577) in PHP is being exploited in the wild affecting PHP installed on the Windows operating system. XAMPP installations on Windows are also vulnerable by default. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Please note that No patches are available for PHP 8.0, PHP 7, and PHP 5 as they are End-of-Life. For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.
Successful exploitation of the vulnerabilities could lead to remote code execution or security restriction bypass on an affected system.
Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.