What is the PHP Unsupported Version?

The topic of this article is what an unsupported version of PHP is, how it can pose a threat, and how to shut it down.

The PHP Unsupported Version

PHP turns off some updates after a certain period of time, to never do it again. In this case, if it is using a version that has not received updates, it indicates that if a security vulnerability occurs, no patches will be received, which is a critical situation. Since it is not known what kind of vulnerability will occur in the version, it is necessary to follow the latest version and make updates.

As seen in the image, PHP 7.2.24 version is used. According to the table on the PHP page, support for versions 7.2 to 7.3 ended 1 year and 8 months ago.

Threat actors can damage systems by using the vulnerabilities that may occur in these versions, so it is necessary to use the latest and stable version.

Mitigation and Remediation

  • It is necessary to upgrade the PHP version to the latest and stable version.

 

References:

https://www.beyondsecurity.com/scan-pentest-network-vulnerabilities-php-unsupported-version-detection

https://www.php.net/downloads.php

https://www.php.net/eol.php