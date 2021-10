Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. In 2010, Steffan Esser gave a presentation in Las Vegas that rocked the PHP world. He had discovered a new kind of vulnerability that today we call a “PHP Object Injection” vulnerability. This kind of vulnerability allows an attacker to send a PHP application some data that is turned into an object that lives in memory. If the application then assumes that object and its data is secure, and does things with that object, it could lead to a compromised website.

SOFTWARE ・ 2 DAYS AGO