Shaarli - Nono's Links

Original site: Shaarli - Nono's Links

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

Saturday 26 October 2019 at 23:56
A website is vulnerable if:

    NGINX is configured to forward PHP page requests to the PHP-FPM processor,
    the fastcgi_split_path_info directive is present in the configuration and includes a regular expression beginning with a '^' symbol and ending with a '$' symbol,
    the PATH_INFO variable is defined with the fastcgi_param directive,
    There are no checks like try_files $uri =404 or if (-f $uri) to determine whether a file exists or not.
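
The four conditions above can be checked mechanically against a server's configuration. The following auditor is an added example, not part of the original post or of NGINX: it is simplified, treats any fastcgi_pass as forwarding to PHP-FPM, and assumes braces and '#' appear only as block delimiters and comment markers; the sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the page): two PHP locations, one with a file check.
SAMPLE = r"""
server {
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass 127.0.0.1:9000;
    }
    location ~ ^/app/.+\.php(/|$) {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass 127.0.0.1:9000;
    }
}
"""

def location_blocks(conf):
    """Yield (header, body) per location block; assumes braces only delimit blocks."""
    for m in re.finditer(r"\blocation\s+([^{;]+)\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).strip(), conf[m.end():i - 1]

def conditions(body):
    """Evaluate the four listed conditions for one location body."""
    split = re.search(r"fastcgi_split_path_info\s+(\S+)\s*;", body)
    regex = split.group(1).strip("\"'") if split else ""
    return {
        # Assumption: any fastcgi_pass is counted as forwarding to PHP-FPM.
        "forwards_to_php_fpm": bool(re.search(r"\bfastcgi_pass\s", body)),
        "split_regex_anchored": regex.startswith("^") and regex.endswith("$"),
        "path_info_defined": bool(re.search(r"\bfastcgi_param\s+PATH_INFO\s", body)),
        "no_file_existence_check": not re.search(
            r"\btry_files\s[^;]*=404|\bif\s*\(\s*!?-f\s", body),
    }

def audit(conf):
    """Map each location header to True when all four conditions hold."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' inside values)
    return {hdr: all(conditions(body).values()) for hdr, body in location_blocks(conf)}

if __name__ == "__main__":
    for header, exposed in audit(SAMPLE).items():
        print(("REVIEW " if exposed else "ok     ") + "location " + header)
```

A location reported as REVIEW meets all four conditions at once; adding one of the file-existence checks named in the last condition is enough to clear it.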