Arbitrary code execution in PHP - CVE-2016-7416

 


Published: September 19, 2016


Vulnerability identifier: #VU523
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-7416
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: PHP Group
Affected software:
PHP

Detailed vulnerability description

The vulnerability allows a remote or local user to execute arbitrary code on the target system.
The weakness is caused by memory corruption in local data handling, which allows a malicious user to gain access to the system and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

How to mitigate CVE-2016-7416


Sources