The vulnerability in PHP 5.4.16 is a remote code execution (RCE) bug, which allows an attacker to execute arbitrary code on the server. This bug is caused by a use-after-free vulnerability in the PHP's php_curl_easy_perform function. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the server, which can lead to a crash or, worse, allow them to execute malicious code.
Thanks!
The vulnerability was initially reported on GitHub by a security researcher, who provided a proof-of-concept (PoC) exploit. The PoC demonstrates how an attacker can use a malicious HTTP request to execute arbitrary code on the server. php 5.4.16 exploit github