PHP7 bugs used by hackers to remotely hijack web servers
Last week, Emil ‘Neex’ Lerner, a Russia-based security researcher, disclosed a remote code execution vulnerability in PHP 7, tracked as CVE-2019-11043. An attacker could force a remote web server to execute their own arbitrary code simply by accessing a crafted URL: adding “?a=” to the website address, followed by their payload.
According to sources, this attack lowers the barrier for threat actors to compromise a website, which means even a non-technical person can orchestrate an attack.
The only good thing about this possible attack is that the vulnerability only impacts servers using the NGINX web server with the PHP-FPM extension. PHP-FPM is a souped-up version of FastCGI, with a few extra features designed for high-traffic websites.
While neither of those components is necessary to use PHP 7, both are very common, especially in commercial environments. Cimpanu points out that NextCloud, a large productivity software provider, uses PHP7 with NGINX and PHP-FPM.
It has since released a security advisory warning clients of the issue and urging them to update their PHP install to the latest version.