Attackers Exploiting Bugs in PHP7 to Hijack Web Servers

Last week, Russia-based security researcher Emil 'Neex' Lerner discovered a remote code execution vulnerability, recorded in the PHP bug tracker and classified as CVE-2019-11043. The vulnerability allows attackers to gain control of servers running PHP7 with NGINX and the PHP-FPM extension, simply by adding "?a=" to the URL of the website. Evidence shows that this critical PHP issue is being actively exploited by threat actors.

Reportedly, the vulnerability does not affect all PHP-capable servers; only NGINX servers with PHP-FPM enabled are exposed to the risk. PHP-FPM is the module employed for performance enhancement. The vulnerability, which lets a remote party execute arbitrary code on the server simply by accessing a specially crafted URL, resides in env_path_info in the file fpm_main.c of the FPM component.

PHP (Hypertext Preprocessor) is a widely used open-source general-purpose scripting language used in the development of static websites, dynamic websites and web applications. It is one of the most common programming languages used to build websites and is focused on server-side scripting. It forms the basis for content management systems such as WordPress and also (in a way) for more sophisticated applications like Facebook. Finding a security vulnerability in it is therefore a big deal for security researchers.

Experts believe that this security vulnerability checks all the right boxes to mark the beginning of a storm in the cybersecurity world: it not only exposes multiple environments to risk but also makes it extremely convenient for attackers to exploit. Although one can argue that patches are available ..
