Roots Discourse

Major security issue in PHP 7.x with Nginx-FPM

I believe that this might be important for any of us hosting our websites on Nginx with FPM.
There is a major security flaw affecting all PHP versions which allows for REMOTE code execution.

More info can be found here:

If you have Nginx with php-fpm and you have an influence on the PHP versions then you should consider patching that up ASAP.

I tried the exploit but it just keeps 404ing on my Docker setup :man_shrugging:.

~/go/bin # ./phuip-fpizdam http://localhost/index.php
2019/10/29 02:36:32 Base status code is 404
2019/10/29 02:36:32 Detect() returned error: no qsl candidates found, invulnerable or something wrong
~/go/bin # ./phuip-fpizdam http://127.0.0.1/script.php
2019/10/29 02:37:52 Base status code is 404
2019/10/29 02:37:52 Detect() returned error: no qsl candidates found, invulnerable or something wrong
~/go/bin # ./phuip-fpizdam http://127.0.0.1/wp-config.php
2019/10/29 02:39:28 Base status code is 404
2019/10/29 02:39:28 Detect() returned error: no qsl candidates found, invulnerable or something wrong