PHP injection

(also PHP object injection)

PHP injection definition

PHP injection is an application vulnerability that allows attackers to exploit PHP applications to perform malicious actions. PHP injections can be of different types: code injection, SQL injection, path traversal, or denial of service. An attacker inserts code into a vulnerable computer program and alters its operation. Successful injection can cause severe damage by installing malicious software, corrupting data, deleting information, or taking complete control of the application.

Code injection. It is a form of attack where the target is the application code. Threat actors exploit system vulnerabilities, poor management of untrusted information, and a lack of proper input/output data validation such as allowed characters, data format, or amount of expected data.

SQL injection. The attacker edits the URL, injecting malicious SQL code into the URL parameters to extract sensitive information that is not intended to be displayed.

File path traversal. It is a website security vulnerability that allows a threat actor to access sensitive files on the application server. It might include operating system files, application code, or data credentials for backend system files. The breach can result in third parties modifying the sensitive data or taking complete control of the application.

DoS. A DoS is a cyberattack in which an attacker seeks to temporarily or permanently disrupt the operation of an application or machine. The malicious actor usually floods the system or device with unnecessary requests, thereby overloading the system and preventing it from responding to legitimate requests.
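The code injection and SQL injection entries above both come down to untrusted input being interpreted as code. As an added example (not part of the original page), the PHP below contrasts a query built by concatenating a URL parameter with one that checks allowed characters, format and length and then binds the value. The function names, table and sample inputs are constructed for illustration, and the code assumes the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Vulnerable (hypothetical name): the parameter is concatenated into the SQL
// text, so its content is parsed as SQL instead of being treated as data.
function findUserVulnerable(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT name, email FROM users WHERE id = $id")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened (hypothetical name): check allowed characters, format and length,
// then bind the value so it cannot change the structure of the query.
function findUserHardened(PDO $pdo, string $id): array
{
    if (strlen($id) > 9 || !ctype_digit($id)) {
        throw new InvalidArgumentException('id must be 1 to 9 decimal digits');
    }
    $stmt = $pdo->prepare('SELECT name, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['id'].
$samples = ['1', '1 OR 1=1', '12345678901234567890', ''];
foreach ($samples as $raw) {
    try {
        $vulnerable = count(findUserVulnerable($pdo, $raw)) . ' row(s)';
    } catch (PDOException $e) {
        $vulnerable = 'SQL error';
    }
    try {
        $hardened = count(findUserHardened($pdo, $raw)) . ' row(s)';
    } catch (InvalidArgumentException $e) {
        $hardened = 'rejected';
    }
    printf("%-24s vulnerable: %-10s hardened: %s\n",
           var_export($raw, true), $vulnerable, $hardened);
}
```

The bound parameter is what prevents the injection; the input checks add a second layer and keep malformed values from reaching the database at all.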