UPDATES
2 Min Read
October 29, 2019

Remote Code Execution | PHP7 w/ NGINX – Webcare360

by Olivia Hefner

Discussion:

A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets.

The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites. The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL.

Fortunately, not all PHP-capable web servers are impacted. Only NGINX servers with PHP-FPM enabled are vulnerable. PHP-FPM, or FastCGI Process Manager, is an alternative PHP FastCGI implementation with some additional features.

References:

https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

https://bugs.php.net/bug.php?id=78599

WebCare360

Remote Code Execution | PHP7 w/ NGINX – Webcare360

Discussion:

Related Blogs

Dirty Frag & cPanel CVE Checker: Verify Your Linux Hosting Server Is Patched

CVE-2026-29201, 29202, 29203 & Dirty Frag

Best VSYS Alternatives & Competitors in 2026

CONNECT

Stay in the Loop

Web Hosting

Specialized Servers

Offshore Servers

Resources

Company

My WebCare360