I believe that this might be important for anyone of us hosting our websites on Nginx with FPM
There is major security flaw affecting all PHP versions which allows for REMOTE code execution.
More info can be found here:
If you have Nginx with php-fpm and you have an influence on the PHP versions then you should consider patching that up ASAP.
I tried the exploit but it just keeps 404ing on my Docker setup 
.
~/go/bin # ./phuip-fpizdam http://localhost/index.php
2019/10/29 02:36:32 Base status code is 404
2019/10/29 02:36:32 Detect() returned error: no qsl candidates found, invulnerable or something wrong
~/go/bin # ./phuip-fpizdam http://127.0.0.1/script.php
2019/10/29 02:37:52 Base status code is 404
2019/10/29 02:37:52 Detect() returned error: no qsl candidates found, invulnerable or something wrong
~/go/bin # ./phuip-fpizdam http://127.0.0.1/wp-config.php
2019/10/29 02:39:28 Base status code is 404
2019/10/29 02:39:28 Detect() returned error: no qsl candidates found, invulnerable or something wrong
This topic was automatically closed after 42 days. New replies are no longer allowed.