A flaw in two WordPress plugins allowed malicious comments to run PHP code on sites.

This may aid them in brute-force password cracking or other attacks. phpMyAdmin ‘setup.php’ PHP Code Injection Vulnerability: phpMyAdmin is prone to a remote PHP code-injection vulnerability.

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.

Security vendor Wordfence has revealed a new PHP code injection vulnerability with a CVSS score of 9.8, which could enable remote code execution (CVE-2023-6553). The impacted plugin, Backup Migration, ...

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the ...

Unidentified attackers accessed credit card data and created a backdoor into the victim's systems, says law enforcement agency.

There is a remote PHP code-injection vulnerability (PMASA-2009-4) affecting phpMyAdmin.

The majority of the remaining vulnerabilities are marked as "moderately critical ". Among other things, PHP code injection can occur at these points, allowing attackers to execute their own code.