Nasty bug with very simple exploit hits PHP just in time for the weekend With PoC code available and active Internet scans, speed is of the essence.

HTML and JavaScript run in the browser, PHP executes in the Web application server, and SQL executes in the database server. [ PHP developers have many good IDEs to choose from.

The actors create a basic backdoor using a debugging function that allows the system to download two webshells onto the US firm's web server, giving the attackers backdoors for further exploitation.