Red Security

Red Security > General > News > New Vulnerability Discovered With PHP: NGiNX At Risk
Full Version: New Vulnerability Discovered With PHP: NGiNX At Risk
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Mad-Architect

10-27-2019, 01:48 PM
[Image: cyber-crime-technology-hack-feat.jpg]




           A new flaw for PHP servers running NGiNX was discovered, and it could allow attackers to remotely execute arbitrary code on vulnerable web servers. The flaw, is currently designated CVE-2019-11043 is reported to affect websites with various PHP-FPM configurations. The flaw was discovered by Andrew Danau, a security researcher at Wallarm while tracking down bugs at a CTF competition. The bug was then weaponized and utilized as a remote execution access exploit by his two fellow researchs, Omar Ganiev, and Emil Lerner.


      All users are advised to update to PHP 7.3.11 and PHP 7.2.24, even if you aren't running the vulnerable configurations. 


      Original article can be found here.


             That was the news folks, have a good rest of the weekend, and stay safe out there.


       ----Mad-Architect 
Red Security > General > News > New Vulnerability Discovered With PHP: NGiNX At Risk