PHP 7 Suffers from 3 Critical Zero-days
Critical Zero-day Vulnerabilities found in PHP 7.
Security researchers have found three critical zero-day vulnerabilities in the latest PHP 7, which allow an attacker to take full control of a website running PHP 7.
Security researchers on Check Point's exploit research team found these critical zero-days, which reside in the unserialize mechanism in PHP 7.
These zero-day vulnerabilities are tracked as CVE-2016-7479 (use-after-free code execution), CVE-2016-7480 (use of uninitialized value code execution), and CVE-2016-7478 (remote denial of service). The first two give an attacker full control over the targeted server after successful exploitation, whereas the third, if exploited, causes a denial of service (DoS).
All three zero-day vulnerabilities were reported to the PHP security team by the researchers, but only two of them have been patched; one zero-day is still unpatched.
Patches for two of the vulnerabilities have been released, so all server admins are strongly advised to upgrade PHP to the latest version.