Offshore Hosting, Offshore VPS, Offshore Servers | WebCare360

  • Strong advocate of privacy, anonymity and network neutrality since 2009.
About Us Contact Us Legal / AUP Blog
Menu
Login
Signup
  • Privacy is not something that We merely entitled to, it's an absolute prerequisite
About Us Contact Us Legal / AUP Blog
Login
Signup
Menu
  • Privacy is not something that We merely entitled to, it's an absolute prerequisite
About Us Contact Us Legal / AUP Blog
Menu

Remote Code Execution | PHP7 w/ NGINX – Webcare360

by John Doe
Facebook Twitter Linkedin Instagram

Discussion:

A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets.

The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites. The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL.

Fortunately, not all PHP-capable web servers are impacted. Only NGINX servers with PHP-FPM enabled are vulnerable. PHP-FPM, or FastCGI Process Manager, is an alternative PHP FastCGI implementation with some additional features.

References:

https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

https://bugs.php.net/bug.php?id=78599

Related Blogs

CONNECT

Stay in the Loop

Facebook-f Twitter