How one man could have pwned all your PHP programs Posted on August 30, 2018 by nocrackingzone Popular PHP package repository front end Packagist turned out to have an embarrassing command injection hole – now closed!