PHP 7.0.x < 7.0.14 php_wddx_push_element() Function Empty Boolean Element Decoding RCE

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.14. It is, therefore, affected by a remote code execution vulnerability due to a memory corruption issue in the php_wddx_push_element() function in ext/wddx/wddx.c that occurs when decoding empty boolean elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.