Home » Our news » PHP-FPM Critical Vulnerability (CVE-2019-11043)

PHP-FPM Critical Vulnerability (CVE-2019-11043)

It became known about the critical vulnerability of PHP-FPM (CVE-2019-11043), which allows you to remotely execute malicious code on the server.

Corrective releases of PHP 7.3.11, 7.1.33 and 7.2.24 are already available, which fixed this vulnerability. You can find them here.

By information opennet.ru, the attack is possible in nginx configurations, in which the PHP-FPM forwarding is performed with the separation of URL parts using “fastcgi_split_path_info” and the definition of the PATH_INFO environment variable, but without first checking the existence of the file with the “try_files $fastcgi_script_name” directive or the “if (!-f $document_root$fastcgi_script_name)”.


▪ Stable.
▪ In rub.
▪ Not depended on $ and €.
▪ We  !
▪ Discount during payment for a year!

For Legal Entities

Contract and full complect of accounting documents by mail.

This website uses anonymous performance cookies to ensure you get the best experience on our website. We never use targeting or advertising cookies.