A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed.
For a successful exploitation, target servers must have the PHP-FPM (FastCGI Process Manager) feature enabled, but that combination is not as uncommon as initially believed.
About CVE-2019-11043
The flaw was discovered by Wallarm researcher Andrew Danau during a Capture The Flag contest that took place in September 2019.
The PHP Development Team was notified about the vulnerability that same month and patched it in PHP versions 7.3.11, 7.2.24 and 7.1.33 (released last week).
A few days before that, PoC exploit code for the flaw – created by Danau’s fellow CTF players and researchers Emil Lerner and Omar Ganiev – actively exploited nginx servers security
