PHP7 bugs used by hackers to remotely hijack web servers

Last week, Emil ‘Neex’ Lerner, a Russia-based security researcher, disclosed a remote code execution vulnerability in PHP 7, tracked as CVE-2019-11043. An attacker could force a remote web server to execute their own arbitrary code simply by accessing a crafted URL: just adding “?a=” to the website address, followed by their payload.

According to sources, this attack lowers the barrier to entry for threat actors looking to hack a website, which means even a non-technical person can orchestrate an attack.

The only good thing about this possible attack is that the vulnerability only impacts servers using the NGINX web server with the PHP-FPM extension. PHP-FPM is a souped-up version of FastCGI, with a few extra features designed for high-traffic websites.

While neither of those components is necessary to use PHP 7, they are remarkably common, especially in commercial environments. Cimpanu points out that NextCloud, a large productivity software provider, uses PHP 7 with NGINX and PHP-FPM.

It has since released a security advisory warning clients of the issue and urging them to update their PHP install to the latest version.
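For defenders reviewing NGINX access logs, the following added example (not from the researcher or any vendor advisory) flags requests matching the URL shape described above: a PHP script called with a non-empty `a` parameter. It assumes the NGINX "combined" log format; the log lines, IP addresses and function names are constructed for illustration, and because legitimate applications may also use a parameter named `a`, the output is a triage list, not a verdict.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumed format: NGINX "combined" (client IP first, request line in the first quoted field).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_hit(line):
    """Return (ip, path, decoded_value) for a PHP request with a non-empty 'a' parameter, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed line or non-HTTP bytes on the port
    try:
        parts = urlsplit(m["target"])
    except ValueError:
        return None  # request target that cannot be parsed as a URL
    if ".php" not in parts.path.lower():
        return None  # static files and other handlers are out of scope
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "a" and value:
            return m["ip"], parts.path, value  # value is percent-decoded by parse_qsl
    return None

def triage(lines):
    """Collect all hits and count them per client IP so repeat sources stand out."""
    hits = [h for h in map(suspicious_hit, lines) if h]
    return hits, Counter(ip for ip, _, _ in hits)

# Constructed sample log lines (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = [
    r'203.0.113.7 - - [01/Jan/2020:10:01:02 +0000] "GET /index.php?a=constructed%20payload HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    r'203.0.113.7 - - [01/Jan/2020:10:01:05 +0000] "GET /index.php?a=second+payload HTTP/1.1" 200 498 "-" "curl/7.58.0"',
    r'198.51.100.4 - - [01/Jan/2020:10:02:11 +0000] "GET /search.php?q=a&page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    r'198.51.100.4 - - [01/Jan/2020:10:02:12 +0000] "GET /static/app.js?a=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    r'198.51.100.9 - - [01/Jan/2020:10:02:30 +0000] "GET /index.php?a= HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    r'192.0.2.1 - - [01/Jan/2020:10:03:00 +0000] "\x16\x03\x01" 400 157 "-" "-"',
]

if __name__ == "__main__":
    hits, per_client = triage(SAMPLE_LOG)
    for ip, path, value in hits:
        print(f"{ip} {path} a={value!r}")
    print("requests per client:", dict(per_client))
```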