Page 1 of 1

Versión PHP WS-8-150-DC

Posted: Thu Jan 14, 2021 7:32 pm
by jsanchez
Good afternoon, I am writing from Bogotá - Colombia, we have a netonix WS-8-150-DC installed in the network of one of our clients and they have a team that monitors their entire network and sent us the following message:
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability. (PHP <5.3.12 / 5.4.2 CGI Query String Code Execution), (CGI abuses). Proposed mitigation: Upgrade to PHP version 7.1.x / 7.2.x / 7.3.x
Our question is: What version of PHP does netonix use and is it possible to do what our client requests?
Thanks for your quick response.

Re: Versión PHP WS-8-150-DC

Posted: Thu Jan 14, 2021 7:45 pm
by Stephen
The switch uses php-cli version 5.2.6 internally, the majority of the switch functionality via the web UI is built from it and although I have plans to eventually upgrade this to a later version of php or preferably use a different framework altogether, it is not possible for me to do so now.

Re: Versión PHP WS-8-150-DC

Posted: Fri Jun 16, 2023 11:07 am
by adnan
Good morning, Still seeing this vulnerability in switches, when the Netonix team would be able to upgrade, or still in progress?