A security flaw discovered in a common PHP script allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to ...

Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.

Nasty bug with very simple exploit hits PHP just in time for the weekend With PoC code available and active Internet scans, speed is of the essence.

Severe security bug found in popular PHP library for creating PDF files Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.

PHP Everywhere code execution bugs impact thousands of WordPress websites The remote code execution flaws are of critical severity.

WordPress CMS installations are vulnerable to a PHP bug related to data unserialization (also known as deserialization), a security researcher has revealed at the start of the month.

In this second excerpt from Advanced PHP Programming, George Schlossnagle offers advice on how to defend against both attacks and carelessness.

As promised last year the initiative ‘Month of PHP bugs’ began on March 1st. Whereas previous efforts in the same vein — month of bugs for Mac, browsers and kernels — were new bugs, this ...