This link provides JSON and XML feeds, official CVSS scores, and impact metrics.
Some notable CVEs that affect 5.6.40:
"PHP Vulnerability Shield"
and no longer receives official security updates from the PHP Group.
Core Vulnerabilities and Security Status
Official Support Status
PHP 5.6.40
Although version 5.6.40 fixed several critical flaws present in 5.6.39, it remains heavily targeted by automated exploit kits. Security platforms like Tenable Nessus classify the remaining attack vectors under multiple critical CVE designations.
Because official support ended in December 2018, no new CVEs are officially "fixed" by the PHP team for this version. This makes the version "low-hanging fruit" for attackers who look for sites still running this legacy code.
Attackers can exploit flaws in older PHP versions to execute arbitrary code on the server, gaining full control over the website and underlying infrastructure.
| CVE ID | Description | CVSS |
|--------|-------------|------|
| | Remote code execution via env request variable (PHP-FPM) – unpatched in 5.6.40 | 9.8 (Critical) |
| CVE-2019-9641 | Buffer overflow in php_url_parse_ex – DoS/RCE | 7.5 (High) |
| CVE-2019-9020 | XML parsing vulnerability in libxml2 affecting PHP | 7.5 |
| CVE-2018-20783 | Buffer over-read in php_escape_html_entities | 7.5 |
| CVE-2016-10712 | Use-after-free in stream_get_filters | 7.5 |
and no longer receives security patches from the PHP development team.
Released in January 2019, this version was the last gasp of the PHP 5 era. While it may keep your legacy code running, it represents a significant security liability. In this post, we break down the vulnerability landscape of PHP 5.6.40, where to find the data, and why you need an exit strategy immediately.
Since that date, the official PHP development team has provided no security updates or bug fixes
https://www.cvedetails.com/version/171048/PHP-PHP-5.6.40.html