PHP developer salary September 2017

United States PHP developers labor market analysis, according to the results of September 2017
07 September 2017

We publish an analysis of the labor market for developers in the United States monthly. In September there were 1086 vacancies for PHP developers. The vacancy rates were distributed as follows.

Salary Estimate, PHP, September 2017

Most developers are required in New York, the fewest in San Diego.

Number of PHP developer vacancies in different cities, September 2017

Among the companies that hire PHP developers the leaders are: 

  • Smith & Keller
  • Jobspring Partners
  • Workbridge Associates 

Number of PHP developer vacancies in different companies, September 2017

According to the experience required, the vacancies are distributed as follows. 

PHP developer vacancies by the experience level, September 2017

The average salary and salary according to the level of experience were distributed as follows.

PHP developer average salary, September 2017

The analysis was carried out using the Hype.codes portal's method and indeed.com data.

WordPress 5.0.0 Serious Vulnerability Found

The vulnerability allows a user with Author privileges to execute arbitrary code on the server
20 February 2019

Simon Scannell has published information about a vulnerability in WordPress that allows a user with the privileges of an Author of publications on the site to execute arbitrary code on the server. The WordPress 4.9.9 and 5.0.1 updates added partial protection that blocks the attack in the core WordPress code, but the problem is not completely resolved: in the current release, WordPress 5.0.3, it can be exploited through additional errors in plugins (it is noted that the problem manifests in some popular plugins with millions of active installations).

The vulnerability is caused by two problems: the ability to override metadata in the database and errors in the processing of file paths. The first problem makes it possible to override, in the wp_postmeta table of the database, the value of the post entry that holds the image parameters.

To solve the problem of transmitting PHP code under the guise of an image, the attack relies on a feature of the Imagick PHP extension, which leaves the contents of the EXIF metadata unchanged after editing, i.e. the resulting image keeps the same EXIF parameters as the original. By placing PHP code in place of the EXIF block, it is possible to achieve its execution when a specific theme template is loaded. When the PHP GD extension is used to convert images, the attack becomes more complicated, since GD clears EXIF and a special selection of pixel values is needed which, after being processed by GD, forms PHP code.
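Because the Imagick case depends on PHP code surviving inside the image's metadata, a site operator can check uploaded JPEG files for PHP open tags in their EXIF and other header segments. The scanner below is an added example, not code from the original article or from WordPress; the function names and the two sample byte strings are constructed for illustration.

```python
import re
import struct
import sys

# PHP open tags: "<?php" (any case) and the short echo tag "<?=".
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)

def jpeg_metadata_segments(data):
    """Yield (marker, payload) for each APPn/COM segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"bad marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):    # SOS or EOI: no more header segments
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:  # APP0..APP15 (EXIF is APP1), COM
            yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def php_in_metadata(data):
    """Return [(marker, offset in payload)] for metadata segments holding a PHP tag."""
    found = ((m, PHP_TAG.search(p)) for m, p in jpeg_metadata_segments(data))
    return [(m, hit.start()) for m, hit in found if hit]

def _segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample inputs: segment structure only, not decodable pictures.
CLEAN = b"\xff\xd8" + _segment(0xE1, b"Exif\x00\x00II*\x00Canon\x00") + b"\xff\xda"
TAINTED = b"\xff\xd8" + _segment(0xE1, b"Exif\x00\x00<?php echo 'marker'; ?>") + b"\xff\xda"

if __name__ == "__main__":
    # Pass image paths as arguments; a malformed file raises ValueError.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for marker, offset in php_in_metadata(fh.read()):
                print(f"{path}: PHP tag in segment 0xFF{marker:02X} at offset {offset}")
```

This check covers only metadata segments; it does not detect the GD variant described above, where the code is formed by the pixel data itself.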