CyberNews Briefs

Nasty PHP7 remote code execution bug exploited in the wild

Threat actors have begun exploiting a recently fixed remote code execution (RCE) vulnerability in PHP 7 in order to compromise vulnerable servers, researchers with Bad Packets are warning. The flaw, tracked as CVE-2019-11043, is very easy to exploit using proof-of-concept exploit code that was recently published on GitHub.

In order to exploit the issue, all an attacker has to do, is send a specially-crafted URL to a vulnerable server. The flaw does not affect all servers running PHP, but only NGINX servers running the non-standard PHP-FPM component.

Read more: Nasty PHP7 remote code execution bug exploited in the wild

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.