Security News > 2019 > October > PHP Bug Allows Remote Code-Execution on NGINX Servers
2019-10-28 16:18
CVE-2019-11043 is trivial to exploit -- and a proof of concept is available.
News URL
https://threatpost.com/php-bug-rce-nginx-servers/149593/
Related news
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-28 | CVE-2019-11043 | Out-of-bounds Write vulnerability in multiple products In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | 9.8 |