Follow

This is bad. Looks like there is a execute arbitrary code remotely vulnerability in nginx and php-fpm when fastcgi_split_path_info is used.
That’s a very common setup.
thehackernews.com/2019/10/ngin has all the gore (CVE-2019-11043).Also on (beko.famkos.net/t/4Ys)

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!