The PHP Group has released PHP 5.4.3 and 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers. The vulnerability, known as CVE-2012-2311, was publicly disclosed last week and prompted the PHP Group to release. The initial patch proved to be ineffective against all variations of the exploit for the vulnerability, and the manual workaround suggested by the PHP developers was easy to bypass as well. The developers investigated the issue further and published a new workaround on Sunday.”]
Source: https://www.csoonline.com/article/2131657/php-patches-actively-exploited-cgi-vulnerability.html