CVE-2018-10545

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.35 PHP versions 7.0.x prior to 7.0.29 PHP versions 7.1.x prior to 7.1.16 PHP versions 7.2.x prior to 7.2.4

Description The issue is related to the lack of protection for service data in PHP's FPM child processes, allowing an attacker to bypass opcache access controls. This could enable an attacker to gain unauthorized access to sensitive information. In a multiuser environment, one user can exploit this issue to obtain sensitive information from another user's PHP applications by running gcore on the PID of the PHP-FPM worker process.

Recommendations For PHP versions prior to 5.6.35, update to version 5.6.35 or later. For PHP versions 7.0.x prior to 7.0.29, update to version 7.0.29 or later. For PHP versions 7.1.x prior to 7.1.16, update to version 7.1.16 or later. For PHP versions 7.2.x prior to 7.2.4, update to version 7.2.4 or later.