A new flaw for PHP servers running NGiNX was discovered, and it could allow attackers to remotely execute arbitrary code on vulnerable web servers. The flaw, is currently designated CVE-2019-11043 is reported to affect websites with various PHP-FPM configurations. The flaw was discovered by Andrew Danau, a security researcher at Wallarm while tracking down bugs at a CTF competition. The bug was then weaponized and utilized as a remote execution access exploit by his two fellow researchs, Omar Ganiev, and Emil Lerner.
All users are advised to update to PHP 7.3.11 and PHP 7.2.24, even if you aren't running the vulnerable configurations.
Original article can be found here.
That was the news folks, have a good rest of the weekend, and stay safe out there.
----Mad-Architect
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011