Multiple vulnerabilities have been found in PHP. A remote attacker may exploit the vulnerabilities by sending specially crafted requests to an affected system.
Please note that PHP version 7.1 will reach its end-of-life on 1.12.2019 and no security updates will be provided after that. Support for older PHP versions, including version 7.0 and 5.x, were ceased. Users should arrange upgrading the PHP to the latest version or migrating to other supported technology.
Attempts to exploit the vulnerabilities could lead to arbitrary code execution and denial of services on an affected system.
PHP has released new versions to address the issues and they can be downloaded at the following URLs:
Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://www.php.net/ChangeLog-7.php#7.1.32
https://www.php.net/ChangeLog-7.php#7.2.22
https://www.php.net/ChangeLog-7.php#7.3.9
https://www.php.net/supported-versions.php
https://www.us-cert.gov/ncas/current-activity/2019/09/05/ms-isac-releases-advisory-php-vulnerabilities
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2019-087/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224