The malicious commits here and here gave the code the code-injection capability to visitors who had the word “zerodium” in an HTTP header. PHP.net hacked, code backdoored.

PHP official code base migrated to GitHub. As a precaution following this incident, PHP maintainers have decided to migrate the official PHP source code repository to GitHub.

CVE-2023-6553 allows unauthenticated attackers to take over targeted websites by gaining remote code execution through PHP code injection via the /includes/backup-heart.php file.

There is a remote PHP code-injection vulnerability (PMASA-2009-4) affecting phpMyAdmin. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the ...

Security vendor Wordfence has revealed a new PHP code injection vulnerability with a CVSS score of 9.8, which could enable remote code execution (CVE-2023-6553). The impacted plugin, Backup Migration, ...

Attackers can inject and execute arbitrary PHP code using a flaw in Backup Migration, which has been downloaded more than 90K times. Elizabeth Montalbano, Contributing Writer December 12, 2023 ...

The majority of the remaining vulnerabilities are marked as"moderately critical".Among other things, PHP code injection can occur at these points, allowing attackers to execute their own code.