How one man could have pwned all your PHP programs
Popular PHP package repository front end Packagist turned out to have an embarrassing command injection hole – now closed!
Read more: How one man could have pwned all your PHP programs
Story added 30. August 2018, content source with full text you can find at link above.