2010-06-01, 09:55 AM
If you are using php-fastcgi (and possibly nginx instead of Apache) you may be interested in the following article:
Came across this today, my server was affected by this issue, so if you're running PHP as CGI on your server, it may be worth checking out, especially (but not only) for Nginx users since Nginx standard configuration does not prevent this.
http://cnedelcu.blogspot.com/2010/05/ngi...rtant.html Wrote:A critical security issue has recently been pointed out on servers that run Nginx and PHP via FastCGI. The issue allows anyone to execute their own PHP code on the system, I don't think I have to remind you of the consequences this could have. I will attempt to provide a simple explanation of the issue and more importantly how to fix it.
Came across this today, my server was affected by this issue, so if you're running PHP as CGI on your server, it may be worth checking out, especially (but not only) for Nginx users since Nginx standard configuration does not prevent this.