WampServer

I have a question in regards to wampserver version 3.0.4. When correctly upgraded to that version, does CLI mode still use the php 5.5.12 version or can we then get rid of php 5.5.12? In the DO_NOT_DELETE file it says that php 5.5.12 is used by Wampserver 2.0.

The reason I ask is because of the security vulnerabilities of the php 5.5.12 version. I have upgraded to get away from it but if it still exists on the server, it doesn't get rid of the vulnerability even though my wordpress site uses 5.5.34. Does that question make sense? Let me know your thoughts. Thanks.

Current Settings
Wampserver 2.5
Apache 2.4.9
PHP 5.5.34
MySQL 5.6.17
Wampserver icon is green and everything is functional as is. Looking to upgrade to 3.0.4 and utilize later versions of apache, php, mysql to eliminate security vulnerabilities.

WAMP Server 3 actually uses PHP5.6.15 for its own CLI use.

Past version vulnerabilitues are actually irrelevant, if you are not running that version of PHP within Apache. Which I assume you are not.

CLI vulverabilities? You do know what CLI stands for I assume (Command Line Interface).
Well only if you actually use that version of the CLI from the command line and then vulnerable to WHAT? Your coding mistakes? Well they are all vulnerable to that I am afraid.

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Hi,

PHP 5.5.12 is ONLY used by CLI ; ie Wampmanager internal scripts.

If you use another version (Wampmanager Tray Icon -> PHP -> Version), PHP 5.5.12 is not used by your web applications or your scripts.

I am very curious to know what are the security vulnerabilities on a PHP version used only on the command line!

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons



Edited 1 time(s). Last edit at 04/22/2016 05:03PM by Otomatic.

LOL

You and me both Oto, you and me both.

A little knowledge is a dangerous thing

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-



Edited 1 time(s). Last edit at 04/22/2016 05:05PM by RiggsFolly.

Regardless if you use PHP 5.5.12 for the website, the version of php 5.5.12 still remains on the public web server. If the so-called hacker is able to successfully get access to the public server via an exploit of "anything" then they would be able to still exploit and cause harm to an environment with the vulnerabilities that existed on 5.5.12. I know it's a long shot because I would be using a more secure add on version with my website but my point is, the vulnerabilities for the 5.5.12 version still exist on the server accessible to the public because that version and it's files are there.

Is there a way to have CLI use a later version of PHP? I do understand CLI means Command Line Interface.

I think I look at these issues from a different vantage point because I am thinking of network security and not just the additional features and addon's that a programmer would be thinking of it from. I'm not a programmer, just required to maintain what was given to us for our site.

Vulnerabilies for PHP 5.5.12
[www.cvedetails.com]

The point is as it is not the version of PHP that is running with on the web server its vulnerability is not accessable.

If a hacker gets into your server via Apache/PHPanything the existance of a php executable is the least of your worries.
A hacker would be more likely and get more milage by heading straight for windows itself.
How are you going to protect that.

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Hi,

If you want to suppress a PHP version that is used as CLI, follow this:

Works with Wampserver 3.0.4

- Exit Wampserver
- Found another PHP version number that exists in wamp/bin/php/
- Note the version number, for example 5.6.16
- Edit wamp/wampmanager.conf file
Replace

phpCliVersion = 5.5.12

by

phpCliVersion = 5.6.16

Save the modified file.

- Launch Wampserver
Wait for Green icon
- Exit Wampserver

Now you can delete the entire folder wamp/bin/php/php5.5.12, of course if this PHP version is not PHP used by phpVersion = "5.5.12" into wampserver.conf

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons



Edited 2 time(s). Last edit at 04/23/2016 11:50AM by Otomatic.

This is exactly what I was looking for. Thanks so much. I appreciate it.