Check Point has analyzed the function “unserialize” and has found several problems that favor the execution of denial of service attacks, or allow you to control servers by full.

An analysis of the team of researchers from Check Point about the most recent version of the programming language PHP web has resulted in the discovery of several security problems in PHP 7.

According to detailed Check Point, their study has focused in the function “unserialize”, who had already served the criminals to put in a check to platforms such as Magento, Drupal, and Joomla!, among others, with PHP 5.

This same function contained in the PHP 7 until three vulnerabilities a zero-day that had not been discovered. Two of them, CVE-2016-7479 and CVE-2016-7480, allowed a criminal to control servers by full to finish altering web pages, and distributing malware, or stealing sensitive information. The third, CVE-2016-7478, favours an attack of denial of service “it ends up hanging the web, consuming all the memory and closing”, the experts say.

From Check Point to warn that to face this type of threats, “the traditional solutions of cyber security do not serve”. In fact, “only with the best prevention technologies, companies can stay ahead of the hackers and keep safe your data”.

Check Point conveyed his findings on this trio of vulnerabilities a few months ago the team of PHP security, that in October and December parcheaba two of them.