A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.

But, that is hardly surprising as with source code version control systems like Git, it is possible to sign-off a commit as coming from anybody else [1, 2] locally and then upload the spoofed ...

By moving their code infrastructure to a third-party service like GitHub, open-source projects can outsource server administration and security to a service provider that has paid full-time ...

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.

The open-source server-side language is commonly used in web development. The code change was first noticed by contributors Markus Staab, Michael Voříšek, and Jake Birchall.