PHP released a security update. The most severe vulnerability could allow attackers to run RCE remote code in application permissions on the server.
Vulnerable versions that require updating:
7.2 to before 7.2.11
7.1 to before 7.1.23
Link to update – http://www.php.net/downloads.php
It is recommended that you check the update on your systems before installing in production environments.