#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
# Plugin metadata. This branch runs only when the scanner evaluates the file
# with 'description' set; the exit(0) at its end keeps the detection logic
# further down from running in that mode.
if (description)
{
script_id(48243);
script_version("1.32");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/22");
script_xref(name:"IAVT", value:"0001-T-0936");
script_name(english:"PHP Version Detection");
script_set_attribute(attribute:"synopsis", value:
"It was possible to obtain the version number of the remote PHP
installation.");
script_set_attribute(attribute:"description", value:
"Nessus was able to determine the version of PHP available on the
remote web server.");
# Informational finding: no remediation text and a risk factor of "None".
script_set_attribute(attribute:"solution", value:
"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/04");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"asset_inventory", value:"True");
# Same CPE string that the detection logic passes to register_install().
script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
# Declared as an information-gathering check in the "Web Servers" family.
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2010-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling constraints: the two plugins listed as dependencies, the
# "www/PHP" KB key, and a web service port (the script falls back to port 80).
script_dependencies("http_version.nasl", "phpinfo.nasl");
script_require_keys("www/PHP");
script_require_ports("Services/www", 80);
exit(0);
}
include("backport.inc");
include("http.inc");
include("webapp_func.inc");
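# PHP version detection for one web port.
#
# Versions are collected from three places, in this order:
#   1. the HTTP banner ('Server' / 'X-Powered-By' header lines),
#   2. the webmirror KB items, but only when the banner yielded nothing,
#   3. the per-port phpinfo KB entries written under 'www/phpinfo/<port>/version/'.
# Every version found is written to the KB, registered as an install and
# listed in the report together with the sources it was seen in.
#
# installs maps version -> concatenated sources, each followed by ', '.
# backported_for maps version -> the truthy is_backported() result recorded
# when at least one source for that version was flagged as backported.
var app, cpe, port, source, version, installs, banner, pat, matches, item, vers, dir, report, path, extra, sources_str, sources, backport, backported_for;

app = "PHP";
cpe = "cpe:/a:php:php";

get_kb_item_or_exit("www/PHP");
port = get_http_port(default:80, php:TRUE);

source = NULL;
version = NULL;
installs = make_array();
backported_for = make_array();

banner = get_http_banner(port:port);
if (!isnull(banner))
{
  # Identify the source header line and version info.
  # NOTE(review): the banner is supplied by the remote server, so the captured
  # version is untrusted text. '[^ ]+' accepts any run of non-space characters
  # (including '/' and ','), and the capture is concatenated into KB item names
  # and into the report below. Consider limiting the capture to the characters
  # expected in a PHP version string.
  pat = '^(Server|X-Powered-By):.*PHP/([0-9][^ ]+)';
  matches = pgrep(icase:TRUE, string:banner, pattern:pat);
  if (matches)
  {
    foreach var line (split(matches, keep:FALSE))
    {
      item = pregmatch(icase:TRUE, pattern:pat, string:line);
      if (!isnull(item))
      {
        source = line;
        version = item[2];

        # Determine if it's been backported, and remember the answer for this
        # version: is_backported() reflects only the most recent
        # get_php_version() call.
        get_php_version(banner:line);
        backport = is_backported();
        if (backport)
        {
          set_kb_item(name: 'www/php/'+port+'/'+version+'/backported', value:TRUE);
          backported_for[version] = backport;
        }

        # reporting
        installs[version] += source + ', ';
      }
    }
  }
}

if (max_index(keys(installs)) == 0)
{
  # Get version from webmirror if banner check fails
  version = get_kb_item("www/"+port+"/webmirror_php_version");
  if (!isnull(version))
  {
    source = get_kb_item("www/"+port+"/webmirror_php_source");
    # Should not occur
    if (isnull(source)) source = 'X-Powered-By server header';

    # Determine if it's been backported.
    get_php_version(banner:source);
    backport = is_backported();
    if (backport)
    {
      set_kb_item(name: 'www/php/'+port+'/'+version+'/backported', value:TRUE);
      backported_for[version] = backport;
    }

    # reporting
    installs[version] += source + ', ';
  }
}

# Check for version info from phpinfo.nasl and extract unique values
vers = get_kb_list('www/phpinfo/'+port+'/version/*');
if (!isnull(vers))
{
  foreach var ver (list_uniq(keys(vers)))
  {
    backport = FALSE;
    # The version is the tail of the KB key name.
    version = ereg_replace(
      pattern : 'www/phpinfo/[0-9]+/version/',
      replace : '',
      string  : ver
    );

    # NOTE(review): when the KB value has no "under <location>" part, 'source'
    # keeps whatever an earlier step left in it, so this version is attributed
    # to an unrelated source. Confirm the value format phpinfo.nasl writes.
    dir = pregmatch(pattern: "under (.+)", string:vers[ver]);
    if (!isnull(dir)) source = dir[1];

    # Is version backported? The check runs against a synthetic banner built
    # from the version alone.
    if (version =~ "[0-9]+")
    {
      banner = "X-Powered-By: PHP/" + version;
      get_php_version(banner:banner);
      backport = is_backported();
    }
    if (backport)
    {
      set_kb_item(name:'www/php/'+port+'/'+version+'/backported', value:TRUE);
      backported_for[version] = backport;
    }

    # reporting
    installs[version] += source + ', ';
  }
}

if (isnull(source))
  exit(0, "There is no mention of PHP in the 'Server' and/or 'X-Powered-By' response headers or from a phpinfo() page from the web server listening on port " + port + ".");

# Sort unique versions and add to KB / report output
report = '\nNessus was able to identify the following PHP version ' +
         'information :\n';

foreach version (sort(keys(installs)))
{
  path = "/";
  extra = {};

  set_kb_item(
    name  : 'www/php/'+port+'/version',
    value : version + ' under ' + installs[version]
  );
  report += '\n Version : ' + version + '\n';

  # Sources example: 'X-Powered-By: PHP/7.2.14, http://phphost/info.php, '
  sources_str = installs[version];
  # Remove delimiter ', ' at the end
  sources_str = ereg_replace(pattern:', $', replace:'', string:sources_str);
  extra['Source'] = sources_str;

  # Since multiple versions can be installed on the same instance and
  # app along w/ the path need to be unique, append version and source to the path
  # path example: '/ (7.2.14 under X-Powered-By: PHP/7.2.14, http://phphost/info.php)'
  path += " (" + version + " under " + sources_str + ")";

  # NOTE(review): a header line that itself contains ', ' is split into
  # several "Source" rows here, because ', ' is also the list delimiter.
  sources = split(installs[version],sep:', ', keep:FALSE);
  foreach source (sort(sources))
  {
    report += ' Source : ' + source + '\n';
  }

  # Report the backport status recorded for THIS version. Calling
  # is_backported() at this point would repeat the result of the last
  # get_php_version() call for every version in the list.
  backport = backported_for[version];
  if (isnull(backport)) backport = FALSE;
  report += ' Backported : ' + backport + '\n';
  extra['backported'] = backport;

  register_install(
    app_name : app,
    vendor   : 'PHP',
    product  : 'PHP',
    version  : version,
    path     : path,
    port     : port,
    extra    : extra,
    cpe      : cpe
  );
}

report_installs(app_name: app, port:port, report_override:report);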