Anonymous hacker in glowing computer interface

PHP Compromised. Backdoor Planted in Attack

What WordPress Users Need to Know. An unknown actor compromised the official PHP Git repository last night (March 28), pushing backdoored code under the guise of a minor edit.

The malicious attacker pushed two commits to the php-src repo for the popular scripting language that contained a backdoor allowing for remote code execution (RCE), maintainers revealed.

Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header.

SHARE

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on stumbleupon
Share on email
Scroll to Top