Home / Companies / Detectify / Blog / Post Details
Content Deep Dive

New security test: CVE-2019-11043 PHP-FPM & NGINX RCE

Blog post from Detectify

Post Details
Company
Date Published
Author
Detectify
Word Count
576
Company Posts That Month
4
Language
-
Hacker News Points
-
Post removed?
No
Summary

CVE-2019-11043 is a critical vulnerability in Nginx and PHP-FPM configurations that allows remote code execution (RCE) by exploiting how data is processed from URLs, potentially compromising servers running affected PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. This vulnerability arises due to the way Nginx forwards data to PHP-FPM, where an encoded newline character in the URL path can manipulate the PATH_INFO variable, leading to arbitrary code execution on the server. The vulnerability is particularly concerning as it can allow attackers to gain control over the server, access internal services, or steal stored data. Remediation involves updating the PHP installation and hardening Nginx configurations to prevent such exploits. Detectify, a security platform, has incorporated tests for this vulnerability, allowing users to scan their web applications for this and other potential security issues, offering a 14-day free trial to assess the security status of their applications.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.