We then used an Shodan to look for open PHP web servers susceptible to known CVEs and investigated the results for statistical data.įrom the initial results, we filtered out false positives and honeypots - decoy services or systems set up by security researchers that pose as targets for malicious actors.Ĩ0,000+ PHP web servers are vulnerable to threat actorsĪs we can see, there are more than 80,000 vulnerable PHP web servers out in the wild. In order to carry out this investigation, we gathered a list of 20 different versions and subversions of PHP (from v3.0.0 to v7.4.3), and matched them with known Common Vulnerabilities and Exposures (CVEs) associated with those versions. Sadly, it seems that this isn’t always the case (to put it mildly), and this CyberNews investigation is the latest example of the widespread problem.
#PHP 5.2 RISK SOFTWARE#
You’d think that after years of massive breaches and devastating cyberattacks making the headlines, keeping essential software up to date would be a top priority for developers. What we discovered was eye-opening: tens of thousands of web servers are still running outdated versions of PHP, with more than 80,000 being susceptible to hundreds of known vulnerabilities and ripe for being easily compromised by malicious actors. In light of this, we at CyberNews decided to look at the numbers of vulnerable PHP web servers in the wild. Sadly, known vulnerabilities found in unpatched applications powered by PHP - such as cross-site scripting (XSS) and SQL injection (SQLi) - are sometimes missed or ignored by overworked or less security-conscious developers. Therefore, using the most recent version of PHP is highly highly recommended. This means that, depending on the service it’s hosting, a single web server running an unpatched version of PHP can seriously impact thousands, if not millions of users around the world. By abusing these unpatched versions, malicious actors could exploit known security vulnerabilities to gain unauthorized access to the sites, modify their content, and steal user data. PHP is regularly evolving, and when developers use an outdated version of the language, they expose their websites to security risks. It makes the data stored on these applications and servers vulnerable to cybercriminals. However, like everything else on the web, applications based on outdated versions of PHP deployed on live servers are susceptible to hacking and cyberattacks. The main reason behind this is PHP’s open-source nature, lightweight structure, and developer-friendly yet powerful features. It powers about 80% of the web, including popular content management systems like Drupal and WordPress. PHP is one of the most commonly used programming languages on the planet. CyberNews researchers found more than 80,000 servers worldwide still running on outdated versions of PHP that are susceptible to hundreds of known vulnerabilities, making them easy prey to threat actors.
0 kommentar(er)
