{"id":3735,"date":"2025-07-10T08:56:10","date_gmt":"2025-07-10T08:56:10","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=3735"},"modified":"2025-07-10T08:56:11","modified_gmt":"2025-07-10T08:56:11","slug":"critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/","title":{"rendered":"Critical PHP Vulnerabilities Allow SQL Injection &amp; DoS Attacks \u2013 Patch Now"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">If you&#8217;re using PHP in your applications, it&#8217;s time to stop what you&#8217;re doing and check your version. Recently, security researchers disclosed two serious vulnerabilities in PHP that could allow attackers to perform <strong>SQL injection (SQLi)<\/strong> and <strong>denial-of-service (DoS) attacks<\/strong>. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These issues affect widely used components, <strong>PostgreSQL and SOAP<\/strong> extensions, and put both small websites and enterprise apps at risk. And the worst part? They affect millions of live applications still using vulnerable versions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The flaws, tracked as <strong>CVE-2025-1735<\/strong> and <strong>CVE-2025-6491<\/strong>, have been rated as moderate in severity, but their impact could be anything but. In many environments, these vulnerabilities can be chained with other weaknesses or even misconfigurations, turning what appears to be a minor bug into a critical security incident.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-s-happening\">What\u2019s Happening?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Two flaws, CVE-2025-1735 and CVE-2025-6491, are shaking the PHP world. These vulnerabilities impact PostgreSQL and SOAP extensions in PHP. 
They don\u2019t just open the door to data theft and service crashes, they practically take the door off its hinges.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tl-dr-key-takeaways\">TL;DR \u2013 Key Takeaways:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SQL Injection Risk<\/strong> via PostgreSQL (CVE-2025-1735)<\/li>\n\n\n\n<li><strong>DoS Crash Risk<\/strong> via SOAP (CVE-2025-6491)<\/li>\n\n\n\n<li><strong>Affected Versions:<\/strong> PHP &lt; 8.1.33, &lt; 8.2.29, &lt; 8.3.23, &lt; 8.4.10<\/li>\n\n\n\n<li><strong>Patched Versions:<\/strong> 8.1.33+, 8.2.29+, 8.3.23+, 8.4.10+<\/li>\n\n\n\n<li><strong>Act fast <\/strong>or risk full application compromise<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cve-2025-1735-sql-injection-app-crash-via-postgresql-extension\">CVE-2025-1735 \u2013 SQL Injection + App Crash via PostgreSQL Extension<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s start with <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-1735\">CVE-2025-1735<\/a>, which impacts <strong>the PostgreSQL (pgsql) extension<\/strong> in PHP. This flaw stems from improper error handling when escaping input data that is later used in SQL queries. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">More specifically, PHP does not pass the necessary error parameters to the <strong>PQescapeStringConn()<\/strong> function. Because of this, it silently fails to catch encoding issues. In parallel, it also fails to check if the <strong>PQescapeIdentifier() <\/strong>function returns NULL, which, according to documentation, signals an error. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As a result, the application either continues without flagging the error or crashes, depending on how it&#8217;s written. Either way, it opens the door for attackers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This means an attacker can supply crafted input that is escaped incorrectly, slips past the application&#8217;s defensive mechanisms, and is later used in a malicious SQL command.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That is SQL injection, a severe problem that may give unauthorised users access to your data, affect your database in many other ways, and even lead to remote code execution in certain configurations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This issue is <strong>much more dangerous<\/strong> because it is tied to a <strong>PostgreSQL bug (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2025-1094\">CVE-2025-1094<\/a>).<\/strong> Although the PostgreSQL team has patched their side, the escape operations that PHP performs internally do not surface the expected errors. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Therefore, if you upgrade the database but not the PHP runtime, you are still exposed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cve-2025-6491-soap-extension-can-take-you-down-with-a-single-request\">CVE-2025-6491 \u2013 SOAP Extension Can Take You Down with a Single Request<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Now let\u2019s talk about <strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-6491\">CVE-2025-6491<\/a>.<\/strong> This one affects the <strong>SOAP extension<\/strong>. It might sound less common, but it\u2019s still used in a lot of legacy applications, especially in enterprise environments. The issue occurs when a SoapVar instance is created using a namespace name longer than 2 gigabytes, a huge but technically valid input. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This causes a NULL pointer dereference that results in a segmentation fault, crashing the entire application. The root cause is tied to limitations in older versions of <strong>libxml2 (below 2.13)<\/strong>, which cannot handle XML node names of that size.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In simpler terms, an attacker can send a malicious SOAP request that causes your server to crash. While it may not grant access to data, it can take your application offline, creating a perfect window for further attacks or simply wreaking havoc on your uptime.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security experts have already confirmed that these vulnerabilities can be reliably reproduced. <strong>Both issues affect all PHP versions before 8.1.33, 8.2.29, 8.3.23, and 8.4.10<\/strong>. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That means if your server is running anything below these versions, you\u2019re likely exposed. Even development releases like PHP 8.5.0-dev are impacted if paired with an older libxml2 library.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-vulnerability-snapshot\">Vulnerability Snapshot<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>CVE<\/strong> <strong>&nbsp;<\/strong><\/td><td><strong>Component<\/strong> <strong>&nbsp;<\/strong><\/td><td><strong>Type<\/strong> <strong>&nbsp;<\/strong><\/td><td><strong>Affected Versions<\/strong> <strong>&nbsp;<\/strong><\/td><td><strong>CVSS Score<\/strong><strong><\/strong><\/td><\/tr><tr><td><strong>CVE-2025-1735<\/strong><\/td><td>PostgreSQL extension<\/td><td>SQL Injection \/ DoS<\/td><td>&lt; 8.1.33 \/ 8.2.29 \/ 8.3.23 \/ 8.4.10<\/td><td><strong>9.1 (Critical)<\/strong><strong><\/strong><\/td><\/tr><tr><td><strong>CVE-2025-6491<\/strong><\/td><td>SOAP extension<\/td><td>Denial of Service<\/td><td>Same versions + libxml2 &lt; 2.13<\/td><td><strong>5.9 (Moderate)<\/strong> &nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-you-should-do-right-now\">What You Should Do (Right Now)?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The fixes are already available. Developers and administrators should upgrade to the patched PHP versions without delay<strong>.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition to upgrading, it\u2019s equally important to audit your code for unsafe database operations and improper handling of SOAP input. 
If you\u2019re relying on legacy integrations, this might also be a good time to consider modernising or adding an automated monitoring tool, such as <a href=\"https:\/\/certera.com\/sitelock\">Sitelock<\/a>, and stay secure from these attacks in the future.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attacks exploiting these types of vulnerabilities often fly under the radar until it&#8217;s too late. SQL injection can be subtle and hard to detect once executed. <a href=\"https:\/\/certera.com\/blog\/largest-ddos-attacks-reported-till-today\/\">DoS attacks<\/a>, on the other hand, might appear like a random crash until the pattern becomes obvious. That\u2019s why early action is key. Keep logs, set up monitoring, and configure alerts to help you catch potential exploitation attempts early.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t wait for an attack to expose your weak spot. These PHP flaws are real, exploitable, and already being watched by threat actors. Updating your systems is step one, but staying secure is an ongoing game.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Prevent SQL injection and DDoS attacks on your website with automated monitoring tools like <strong><a href=\"https:\/\/certera.com\/sitelock\">SiteLock Security<\/a><\/strong>, and keep your site safe 24\/7.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re using PHP in your applications, it&#8217;s time to stop what you&#8217;re doing and check your version. Recently, security researchers disclosed two serious vulnerabilities in PHP that could allow attackers to perform SQL injection (SQLi) and denial-of-service (DoS) attacks. 
These issues affect widely used components, PostgreSQL and SOAP extensions, and put both small websites<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":3737,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[716],"class_list":["post-3735","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability","tag-critical-php-vulnerabilities","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical PHP Vulnerabilities Allow SQL Injection &amp; DoS Attacks: Patch Now<\/title>\n<meta name=\"description\" content=\"Security researchers found 2 critical vulnerabilities in PHP that could allow attackers to launch SQLi and DoS attacks. Explore in detail.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical PHP Vulnerabilities Allow SQL Injection &amp; DoS Attacks: Patch Now\" \/>\n<meta property=\"og:description\" content=\"Security researchers found 2 critical vulnerabilities in PHP that could allow attackers to launch SQLi and DoS attacks. 
Explore in detail.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-10T08:56:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-10T08:56:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/07\/critical-php-vulnerabilities.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Critical PHP Vulnerabilities Allow SQL Injection &amp; DoS Attacks \u2013 Patch Now\",\"datePublished\":\"2025-07-10T08:56:10+00:00\",\"dateModified\":\"2025-07-10T08:56:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/\"},\"wordCount\":930,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/critical-php-vulnerabilities.webp\",\"keywords\":[\"Critical PHP 
Vulnerabilities\"],\"articleSection\":[\"Vulnerability\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/\",\"name\":\"Critical PHP Vulnerabilities Allow SQL Injection & DoS Attacks: Patch Now\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/critical-php-vulnerabilities.webp\",\"datePublished\":\"2025-07-10T08:56:10+00:00\",\"dateModified\":\"2025-07-10T08:56:11+00:00\",\"description\":\"Security researchers found 2 critical vulnerabilities in PHP that could allow attackers to launch SQLi and DoS attacks. 
Explore in detail.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/critical-php-vulnerabilities.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/critical-php-vulnerabilities.webp\",\"width\":960,\"height\":620,\"caption\":\"Critical Security Vulnerability in PHP\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical PHP Vulnerabilities Allow SQL Injection &amp; DoS Attacks \u2013 Patch Now\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence 
Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki 
Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical PHP Vulnerabilities Allow SQL Injection & DoS Attacks: Patch Now","description":"Security researchers found 2 critical vulnerabilities in PHP that could allow attackers to launch SQLi and DoS attacks. 
Explore in detail.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/","og_locale":"en_US","og_type":"article","og_title":"Critical PHP Vulnerabilities Allow SQL Injection & DoS Attacks: Patch Now","og_description":"Security researchers found 2 critical vulnerabilities in PHP that could allow attackers to launch SQLi and DoS attacks. Explore in detail.","og_url":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2025-07-10T08:56:10+00:00","article_modified_time":"2025-07-10T08:56:11+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/07\/critical-php-vulnerabilities.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"Critical PHP Vulnerabilities Allow SQL Injection &amp; DoS Attacks \u2013 Patch Now","datePublished":"2025-07-10T08:56:10+00:00","dateModified":"2025-07-10T08:56:11+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/"},"wordCount":930,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/07\/critical-php-vulnerabilities.webp","keywords":["Critical PHP Vulnerabilities"],"articleSection":["Vulnerability"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/","url":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/","name":"Critical PHP Vulnerabilities Allow SQL Injection & DoS Attacks: Patch 
Now","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/07\/critical-php-vulnerabilities.webp","datePublished":"2025-07-10T08:56:10+00:00","dateModified":"2025-07-10T08:56:11+00:00","description":"Security researchers found 2 critical vulnerabilities in PHP that could allow attackers to launch SQLi and DoS attacks. Explore in detail.","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/07\/critical-php-vulnerabilities.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/07\/critical-php-vulnerabilities.webp","width":960,"height":620,"caption":"Critical Security Vulnerability in PHP"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/critical-php-vulnerabilities-allow-sql-injection-dos-attacks-patch-now\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical PHP Vulnerabilities Allow SQL Injection &amp; DoS Attacks \u2013 Patch Now"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber 
Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate 
Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=3735"}],"version-history":[{"count":1,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3735\/revisions"}],"predecessor-version":[{"id":3736,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3735\/revisions\/3736"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/3737"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=3735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=3735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=3735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}