Description

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Remediation

References

CVE-2019-11043

Related Vulnerabilities

WordPress Plugin Easy Digital Downloads-Recent Purchases Remote File Inclusion (1.0.2)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17303)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4415)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-2581)

WordPress Plugin Events Made Easy SQL Injection (2.2.35)

Severity

Critical

Classification

CVE-2019-11043 CWE-787 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities