Blog

Aug 12, 2023

Code exploiting two critical PHP(< 8.0.30) vulnerabilities published

Posted by in category: security

PHP is a widely used programming language that is put to use in the production of dynamic web pages. On the other hand, much like any other program, it is not completely safe from security flaws. CVE-2023–3823 and CVE-2023–3824 are the names of two new security flaws that have been identified in PHP during the course of the last several months.

An information disclosure vulnerability known as CVE-2023–3823 exists in PHP applications and makes it possible for a remote attacker to access sensitive data stored inside such applications. Inadequate validation of the XML input given by the user is the root cause of the vulnerability. This vulnerability might be exploited by the attacker by having them transmit a specially designed piece of XML code to the program. The program would then proceed to parse the code, at which point the attacker would be able to obtain access to sensitive information such as the contents of arbitrary files on the system or the results of queries made to external sources.

This issue may affect any program, library, or service that interacts with XML documents in any way, including processing or communicating with them. Because to the hard work done by nickvergessen, a security researcher, who also released the proof-of-concept.

Comments are closed.