According to James Bercegay, researcher at GulfTech Security Research who found the flaws, an attacker can compromise a Web server through a security hole in the XML-RPC function.
The flaw is in two PHP libraries, PHPXMLRPC and Pear XML-RPC, which allow applications to exchange XML using remote procedure calls. The libraries fail to check incoming data for malicious commands.
Bercegay said the level of the threat was "high risk" and that it affects popular PHP programs such as PostNuke, Drupal, b2evolution, TikiWiki and others.
The PHP libraries have been updated and are available for download. For developers who cannot upgrade to the new libraries, disabling the XML-RPC functions has been a recommended solution.