    Home /
    Blog /
    PHP 7.2.18
  

Security Advisory

PHP 7.2.18 Critical CVE-2019-11036: Security Patch Guide

    📅 June 01, 2026
    ·⏱ 5 min read
    ·🔒 SiteRecipe Security Team
  

⚠ 3,500 websites still running PHP 7.2.18 → View full list

Total

Critical

PHP 7.2.18 contains a critical security vulnerability that affects thousands of websites worldwide. The EXIF extension flaw (CVE-2019-11036) allows attackers to exploit a buffer overflow, potentially exposing sensitive data or crashing your server. This vulnerability is especially dangerous because it requires minimal interaction—simply processing a maliciously crafted image file can trigger the attack.

If your website runs PHP 7.2.18, immediate action is required. This guide walks you through identifying whether you're affected, understanding the risk, and implementing the necessary security patches. With 3,500+ websites still using this vulnerable version, cybercriminals are actively targeting these systems.

What is Php 7.2.18?

PHP 7.2.18 is a server-side scripting language that powers millions of websites. It includes an EXIF extension that processes image metadata—the hidden information embedded in photos that records details like camera settings, date, and location. Most website owners use this feature unknowingly when their platforms automatically resize or organize user-uploaded images.

The vulnerability exists in how PHP 7.2.18's EXIF extension reads this image data. Instead of stopping at the correct boundary, the code reads beyond allocated memory, exposing what's stored there. Attackers exploit this by uploading specially crafted images that trigger this overflow, potentially accessing database credentials, user information, or causing complete server crashes. This makes it not just a theoretical risk—it's an active threat to your website's security.

Key Vulnerabilities in Php 7.2.18

1 CVEs found. The most critical are explained below.

CRITICAL CVE-2019-11036 9.1/10 · CVSS v3.1 ⏱ Immediate

PHP Image File Processing Security Flaw

PHP 7.2.18 and earlier versions have a bug in how they process image files (EXIF data). An attacker can send a specially crafted image file that causes PHP to read data it shouldn't have access to, potentially exposing sensitive information or crashing your website.

Impact: Your website could leak confidential data like database contents or user information, or become unavailable if the server crashes. Attackers can exploit this by uploading malicious image files.

↗ View on NVD

Is your website running Php 7.2.18?

Scan your site in 30 seconds. Used by 500+ web agencies.

Scan my website — free 📋 See all 3,500 affected sites

How to Check If Your Website Is Affected

1 Log into your web server or hosting control panel and navigate to your PHP version information
2 Check your current PHP version—look for 7.2.18 specifically or any 7.2.x version below 7.2.18
3 If you find PHP 7.2.18, verify the EXIF extension is enabled by checking your php.ini configuration or phpinfo() page

How to Fix These Vulnerabilities

1 Backup your entire website and database immediately before making any changes
2 Update PHP to version 7.2.19 or higher (7.2.29+ recommended) or migrate to PHP 7.3.5+ or 7.4+
3 If you can't update immediately, disable the EXIF extension in your php.ini by adding 'extension=exif' commented out
4 Test your website thoroughly after updating, then monitor logs for any suspicious image uploads or EXIF-related errors

Conclusion

CVE-2019-11036 represents a critical threat to any website running PHP 7.2.18. The combination of widespread vulnerability and ease of exploitation makes this one of the most dangerous PHP flaws in recent years. Delaying your update increases the risk that attackers will compromise your site, steal customer data, or take your services offline.

SiteRecipe.com helps you monitor and manage security vulnerabilities across your digital infrastructure. Our platform continuously scans your servers, identifies outdated software like vulnerable PHP versions, and alerts you to critical threats before they become breaches. Don't wait for an attack—use SiteRecipe.com today to secure your website and ensure all your systems are running safe, current versions.

Frequently Asked Questions

Can this vulnerability be exploited without uploading files to my website?

The primary exploitation method requires uploading a malicious image file, but attackers can also trigger it through RSS feeds, image processing plugins, or any system that automatically processes image metadata. If your site has any image upload functionality—even in admin areas—you're at risk.

What's the difference between upgrading PHP and disabling EXIF?

Upgrading to a patched PHP version (7.2.19+, 7.3.5+, or 7.4+) fixes the underlying code flaw and is the permanent solution. Disabling EXIF is a temporary emergency measure that prevents exploitation but may break features dependent on image metadata processing. Always upgrade for a complete fix.

Will updating PHP break my website or plugins?

Most modern websites and plugins are compatible with PHP updates, but older custom code might have issues. This is why backing up first is critical. Test on a staging environment before updating production, and consult your hosting provider if you're concerned about compatibility.

Generate white-label reports for your clients

Web agencies use SiteRecipe to produce branded PDF security reports in 30 seconds.

Free scan Agency plans 📋 3,500 affected sites

DISCLAIMER: This report is based on publicly available CVE data from the National Vulnerability Database (NVD) maintained by NIST. Detection of a technology version does not confirm active exploitation on any specific website. For informational purposes only. SiteRecipe is not responsible for actions taken based on this report. Always consult a qualified security professional.

Source: nvd.nist.gov · Published: June 01, 2026 · SiteRecipe.com