Versión PHP WS-8-150-DC

This is my personal thread to share practices that have served my WISP well
jsanchez
Member
 
Posts: 5
Joined: Fri Nov 02, 2018 1:49 pm
Has thanked: 0 time
Been thanked: 0 time

Versión PHP WS-8-150-DC

Thu Jan 14, 2021 7:32 pm

Good afternoon, I am writing from Bogotá - Colombia, we have a netonix WS-8-150-DC installed in the network of one of our clients and they have a team that monitors their entire network and sent us the following message:
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability. (PHP <5.3.12 / 5.4.2 CGI Query String Code Execution), (CGI abuses). Proposed mitigation: Upgrade to PHP version 7.1.x / 7.2.x / 7.3.x
Our question is: What version of PHP does netonix use and is it possible to do what our client requests?
Thanks for your quick response.

User avatar
Stephen
Employee
Employee
 
Posts: 1036
Joined: Sun Dec 24, 2017 8:56 pm
Has thanked: 87 times
Been thanked: 188 times

Re: Versión PHP WS-8-150-DC

Thu Jan 14, 2021 7:45 pm

The switch uses php-cli version 5.2.6 internally, the majority of the switch functionality via the web UI is built from it and although I have plans to eventually upgrade this to a later version of php or preferably use a different framework altogether, it is not possible for me to do so now.

adnan
Member
 
Posts: 1
Joined: Fri Jun 16, 2023 9:51 am
Has thanked: 0 time
Been thanked: 0 time

Re: Versión PHP WS-8-150-DC

Fri Jun 16, 2023 11:07 am

Good morning, Still seeing this vulnerability in switches, when the Netonix team would be able to upgrade, or still in progress?

Return to Sirhc's Corner

Who is online

Users browsing this forum: No registered users and 1 guest