Since the end of 2018, PHP 5 is no longer being supported, with more than 5,3M websites still running on it. This means that any vulnerability discovered since the beginning of January 2019 remains a threat.
In many cases, the scripting language including the version can be found in the HTTP headers. They contain additional information about the server that is generating the website, such as operating system, compression and scripting language.
Every month we index all domains and store the HTTP headers of each website. Using this data, we can show which domains are running on outdated, unsupported and unsecure versions of PHP. Among the most serious security threats are disk operating systems (DOS) and gaining privileges.