A PHP vulnerability originally disclosed in March 2012 – and revised in October 2013 after a hacker found an easier way to take advantage of the exploit – is still impacting users after all these years, according to researchers with Imperva.
The reason why is simple: people are not patching the vulnerability, Barry Shteiman, director of security strategy with Imperva, told SCMagazine.com on Wednesday.
More than 80 percent of all websites on the internet are written in the server-side scripting and general-purpose programming language, he said, adding that about 16 percent of those sites are vulnerable to the exploit.
About 244 million websites use PHP, according to usage stats provided by Netcraft for January 2013.
“The vulnerability enables a remote attacker to execute arbitrary commands on a web server with PHP versions 5.4.x, 5.3.x before 5.4.2 or 5.3.12,” according to an Imperva advisory posted on Tuesday. “The simple, straightforward explanation is…