A remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild.
On October 22, the security expert Omar Ganiev announced via Twitter the availability of a “freshly patched” remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager (FPM) for PHP.
The researchers also shared a link to the
The CVE-2019-11043 flaw does not require specific skills to exploit and take over servers; it is an env_path_info underflow in PHP-FPM's fpm_main
The flaw was first reported to the PHP bug tracker by security expert Emil Lerner on September 26, 2019; Lerner also credited the researcher Andrew Danau for the discovery.
Lerner explained that the vulnerability could be exploited to gain remote code execution under certain configurations where a web server is using
“The PoC script included in the GitHub repository can query a target web server to identify whether or not it is vulnerable by sending specially crafted requests.” reads the analysis published by Tenable. “Once a vulnerable target has been identified, attackers can send specially crafted requests by appending “?a=” in the URL to a vulnerable web server.”
On October 24, PHP maintainers released PHP 7.3.11 (current stable) and PHP 7.2.24 (old stable) that addressed the CVE-2019-11043 vulnerability. Administrators using
The maintainers also suggested a workaround that consists in either including the try_files directive or using an if statement, such as if (-f $
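As an added illustration (not configuration from the article or the PHP maintainers), the following shows an nginx location block for PHP-FPM in the shape affected by CVE-2019-11043, followed by the same block with the try_files workaround; the socket path is a placeholder, and only one of the two blocks would be used in a real configuration.

```nginx
# Added example, not from the article. Assumes nginx proxying to PHP-FPM
# via FastCGI; the unix socket path below is a placeholder.

# BEFORE: PATH_INFO is derived from the request URI and handed to PHP-FPM
# without first checking that the requested script exists on disk, so a
# crafted path reaches fpm_main's env_path_info handling.
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder
}

# AFTER: same block with the workaround the maintainers recommended.
# try_files answers 404 unless the script file actually exists, so
# requests for non-existent .php paths never reach PHP-FPM.
# Upgrading to PHP 7.3.11 / 7.2.24 remains the real fix.
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    # Workaround 1: existence check via try_files
    try_files $fastcgi_script_name =404;
    # Workaround 2 (alternative, negated form of the if (-f ...) check):
    # if (!-f $document_root$fastcgi_script_name) { return 404; }
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder
}
```

A quick check after applying it: a request for a .php path that does not exist on disk should now return 404 from nginx rather than being passed to PHP-FPM.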