Hi Folks, 

PHP has a Remote Code Execution Vulnerability that has been rated as 9.8 on CVSSv3 which is pretty much a ‘PATCH NOW’ vulnerability. 

Versions affected:

• 8.1.28 and below
• 8.2.19 and below
• 8.3.7 and below

More here:

• https://www.tenable.com/blog/cve-2024-4577-proof-of-concept-available-for-php-cgi-argument-injection-vulnerability

Latest Versions - Release notes:

• 8.1.29 - https://www.php.net/ChangeLog-8.php#8.1.29
• 8.2.20 - https://www.php.net/ChangeLog-8.php#8.2.20
• 8.3.8 - https://www.php.net/ChangeLog-8.php#8.3.8