Critical PHP RCE Vulnerability Affects NGINX Servers
A serious security vulnerability, CVE-2019-11043, has been discovered in certain versions of PHP 7 running on NGINX with PHP-FPM enabled. This vulnerability allows remote code execution, posing a significant risk to affected systems.
The vulnerability was discovered by cybersecurity company Check Point and is not attributed to a researcher named Andrew Danau. It affects PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 when running on NGINX servers with PHP-FPM enabled.
Attackers can exploit this issue by sending crafted requests to execute system commands. Organizations are urged to patch their systems immediately to mitigate this risk.
Qualys offers solutions to detect and protect against this vulnerability. Qualys Web Application Scanning (WAS) can identify it using QIDs 150270 and 150271. Additionally, Qualys Web Application Firewall (WAF) can mitigate the vulnerability using pre-written rules.
Organizations should prioritize patching their vulnerable PHP systems and consider using Qualys solutions for comprehensive protection. By doing so, they can effectively safeguard their systems from potential attacks exploiting CVE-2019-11043.
