CVE-2019-11043: Vulnerability in PHP-FPM Could Lead to Remote Code Execution on nginx
by Satnam Narang on October 24, 2019
Web servers using nginx and PHP-FPM are vulnerable to this flaw under certain conditions.
Background
On October 22, security researcher Omar Ganiev published a tweet regarding a “freshly patched” remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager (FPM) for PHP. The tweet includes a link to a GitHub repository containing a proof of concept (PoC) for the vulnerability.