This exploit uses a bug reported over 10 years ago. As usual, the PoC was tested on various php builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.
- 5.* - exploitable with minor changes to the PoC
- 7.0 - all versions to date
- 7.1 - all versions to date
- 7.2 - all versions to date
- 7.3 - all versions to date
- 7.4 < 7.4.26
- 8.0 < 8.0.13
Stop relying on disable_functions (or any other php.ini settings) for security.
There are many memory corruption vulnerabilities in PHP - some of them are publicly known, others are not. Regardless, PHP devs don't care much about these, as you can see in the bug reports.
This PoC is for demonstration purposes only. The exploits that could've been developed/used during the past decade might be not.