Advisory 2023-09/01 PHP Vulnerabilities

Vulnerability typeOverflow, Memory corruption, XXE injection
Severity factors

FileCloud users are not at risk of being exposed to these vulnerabilities. However, FileCloud is updating PHP to the latest version, currently 8.2.10.

These vulnerabilities have CVSS scores of 7.5 to 9.8 with high and critical severity ratings for users who are affected.

Versions affectedFileCloud Versions 22.1 and 23.1 are not affected by these vulnerabilities, but use the versions of PHP affected.
Version fixedFileCloud Version 23.1.2 and later


In PHP versions 8.0.*, 8.1.*, and 8.2.*:

  • When loading a phar file and reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or remote code execution (RCE). 
  • Potential disclosure of local files accessible to PHP may occur.


FileCloud is thoroughly tested with specific PHP versions, and using newer versions may affect functionalities; therefore, it is important that customers do not upgrade their PHP versions beyond what is bundled with FileCloud. 

As FileCloud keeps up to date with the latest versions of all software, FileCloud version upgrades PHP to the latest version, 8.2.10.

What you should do to fix this vulnerability

  • If you are using FileCloud Server, we recommended that you update to the latest version, which is or greater. 
  • If you are using FileCloud Online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.