This is bad. Looks like there is a execute arbitrary code remotely vulnerability in nginx and php-fpm when fastcgi_split_path_info is used.
That’s a very common setup. has all the gore (CVE-2019-11043).Also on (

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!