{"vulnerability": "CVE-2019-11043", "sightings": [{"uuid": "c4133d54-1bcd-4c30-b485-f7f00be65ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "MISP/590a760b-e66a-4307-bc17-df8e7f286317", "content": "", "creation_timestamp": "2020-10-09T14:21:30.000000Z"}, {"uuid": "7f996715-226e-4090-b2f1-77573a27eed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "5f4eecd0-557f-466f-baaf-f6525bc49084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://www.exploit-db.com/exploits/48182", "content": "", "creation_timestamp": "2020-03-09T00:00:00.000000Z"}, {"uuid": "f5b89dca-d736-438f-ac16-48ae0b64ad78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971434", "content": "", "creation_timestamp": "2024-12-24T20:29:16.739805Z"}, {"uuid": "6bb5e086-c829-416a-bd45-b4e0cfbcc41f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "3a6b6e98-dad3-4322-89d5-e5592cae1743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:11.000000Z"}, {"uuid": "85ac06d6-6b89-433b-aa2b-935e032ff415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:22.000000Z"}, {"uuid": "a09632ba-8873-418e-9c70-30792a5a6cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/php_fpm_rce.rb", "content": "", "creation_timestamp": "2020-03-05T16:51:24.000000Z"}, {"uuid": "e83e0428-b204-4edd-84c1-98d40aaf7374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02", "content": "", "creation_timestamp": "2026-01-27T11:00:00.000000Z"}, {"uuid": "0ac6e6c1-4614-4f4e-bfd9-6d6fc8e5e370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "Telegram/EftIdxh0m82pCg23mhioS-smQ0jukHsVEz7_My1KFRejYJM", "content": "", "creation_timestamp": "2025-12-12T09:00:05.000000Z"}, {"uuid": "9546bbae-f217-4905-9515-6625a8094778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e1fa3e09-5875-4799-bc9c-44c6605e8b52", "content": "", "creation_timestamp": "2026-02-02T12:28:01.580954Z"}, {"uuid": "062ad4fe-6158-485c-950e-6d0dddbaff1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-nginx-php-fpm-toteutuksessa", "content": "", "creation_timestamp": "2019-10-28T14:25:51.000000Z"}, {"uuid": "76777b4c-cb8f-4fff-a6b0-df67da1ba452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://bsky.app/profile/advisoryics.bsky.social/post/3mdhmrr3x6s2p", "content": "", "creation_timestamp": "2026-01-28T06:16:53.406885Z"}, {"uuid": "bf968e35-3e16-4c0b-8f21-26d06ab0d228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2019-11043", "type": "seen", "source": "https://gist.github.com/gmoigneu/e9982122600e5c6f6f995d754ca2529f", "content": "", "creation_timestamp": "2026-04-01T08:58:58.000000Z"}, {"uuid": "4426a5ba-7e49-4c09-9689-e00471eb605a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "cd6eba8f-a631-4b9d-a629-0d839048fa94", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://github.com/range42/range42-catalog/tree/main/03_container_layer/docker/_ctf/cve/web/php/CVE-2019-11043", "content": "", "creation_timestamp": "2026-04-15T14:28:37.554824Z"}, {"uuid": "37d117b4-3775-4453-84a2-4c900837013a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "Telegram/TbyvnvMJG36HRPFkPQ_0bqUyF7XZabxxdc_yuEfCHFJjcrI", "content": "", "creation_timestamp": "2025-06-19T21:00:05.000000Z"}, {"uuid": "20de92da-1093-43e9-94a9-5cc051148ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://t.me/poxek/1836", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f PHP-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 QNAP NAS\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2019-11043 \u0438 9,8 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u044b Nginx \u0438 php-fpm \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b QNAP:\n\u25b6\ufe0f \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-06-27T13:02:10.000000Z"}, {"uuid": "f513d8f1-671c-446b-b6fe-782a80807982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "Telegram/6WP4tWkOvRRY-ZJHRd-74b-PUmSWHpsRtc4G72fuH1csXXS3", "content": "", "creation_timestamp": "2025-02-14T21:08:32.000000Z"}, {"uuid": "f10316e1-ade9-49b2-90dd-bcc5ec263b40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "https://t.me/personal_oblivion/36", "content": "\u041f\u0440\u0438\u043c\u0435\u0440\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445:\n\nhttps://imagetragick.com/ \u2014 ImageMagick, \u043f\u0430\u043a\u0435\u0442\u0435, \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u0432\u0435\u0431-\u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0438 \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439, \u0432 2016 \u0433\u043e\u0434\u0443 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u041c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 (RCE) \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \n\nhttps://github.com/neex/phuip-fpizdam \u2014 \u044d\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 php-fpm (CVE-2019-11043). \u0412 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u0445 nginx + php-fpm \u043e\u0448\u0438\u0431\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0438\u0437\u0432\u043d\u0435. \u042d\u0442\u043e \u043e\u0437\u043d\u0430\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0432\u0435\u0431-\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430, \u0435\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f.", "creation_timestamp": "2023-09-26T10:24:57.000000Z"}, {"uuid": "3310092f-1d69-4fc7-9301-8f28d13da56c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/antichat/6873", "content": "CVE-2019-11043-Docker\nhttps://github.com/akamajoris/CVE-2019-11043-Docker", "creation_timestamp": "2019-10-26T21:15:31.000000Z"}, {"uuid": "031230f8-1caa-452f-83c6-5090a7ab0cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "Telegram/JeiDt8Nnz8a7eBJ7rl33Wxp4Y2db8y9fm33uwe5bWQ4UN5o", "content": "", "creation_timestamp": "2025-10-24T15:00:08.000000Z"}, {"uuid": "ae17c0bd-99c8-4478-9957-709a570210c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://t.me/ctinow/17739", "content": "It is not known at this time how victims are being infected, but based on a security alert issued by NextCloud in late October, it could be through the php-fpm (CVE-2019-11043) vulnerability that was recently discovered and that affects NextCloud servers.\nhttps://t.co/jNzMCEQyA0 http://twitter.com/BleepinComputer/status/1195457932374224897", "creation_timestamp": "2019-11-15T22:47:31.000000Z"}, {"uuid": "327f1cc9-25a5-4463-bcc9-d9312290fba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/ctinow/17087", "content": "PHP Bug Allows Remote Code-Execution on NGINX Servers CVE-2019-11043 is trivial to exploit -- and a proof of concept is available. https://threatpost.com/php-bug-rce-nginx-servers/149593/", "creation_timestamp": "2019-10-28T17:22:33.000000Z"}, {"uuid": "36898721-790c-4dce-9c72-fece6bba3586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/ctinow/17058", "content": "New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.\n\nThe vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could", "creation_timestamp": "2019-10-26T21:06:17.000000Z"}, {"uuid": "845f782f-bfc9-474a-aef5-93fac6f4d24a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/alexmakus/3117", "content": "PHP-FPM, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430, \u0432\u043e\u0442 \u044d\u0442\u043e \u0432\u0441\u0435, \u043a\u0430\u043a \u0432\u044b \u043b\u044e\u0431\u0438\u0442\u0435:\u00a0\u0432 \u043f\u0430\u0440\u0441\u0438\u043d\u0433\u0435 fastcgi \u0435\u0441\u0442\u044c \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0431\u0430\u0433, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c FASTCGI \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435. \u0412 \u0438\u0442\u043e\u0433\u0435 \u044d\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u043e\u043f\u0446\u0438\u0438 php.ini \u2014\u00a0\u0431\u0443\u043c, \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434\nhttp://cve.circl.lu/cve/CVE-2019-11043\nhttps://bugs.php.net/bug.php?id=78599\n\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 https://github.com/neex/phuip-fpizdam", "creation_timestamp": "2019-10-29T10:36:29.000000Z"}, {"uuid": "105c6c81-21ab-4638-b7a4-b124a3fe4083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/ExcreamOnSecurity/292", "content": "PHuiP-FPizdaM\n\nThis is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config (see below).\n\nhttps://github.com/neex/phuip-fpizdam/\n#nginx #phpfpm #rce #exploit", "creation_timestamp": "2019-10-23T09:03:30.000000Z"}, {"uuid": "7c14e85e-2280-4a85-9499-7815b3357ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://t.me/arpsyndicate/1410", "content": "#ExploitObserverAlert\n\nCVE-2019-11043\n\nDESCRIPTION: Exploit Observer has 120 entries related to CVE-2019-11043. In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.\n\nFIRST-EPSS: 0.974690000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T06:29:25.000000Z"}, {"uuid": "936bfe6e-1466-4dc0-9976-3f5c5c818218", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/information_security_channel/32110", "content": "A new recently patched remote code execution bug in PHP7 lets hackers hijack the websites running on some NGINX and php-fpm configurations. The vulnerability can be tracked as CVE-2019-11043. The vulnerability resides in env_path_info in the file fpm_main.c of the FPM component. The FPM is the php-fpm module used for performance enhancement. The manipulation of [\u2026]\nThe post PHP7 Remote Code Execution Bug Let Hackers Hijack Websites Running On NGINX Servers (https://gbhackers.com/php7/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-10-28T10:32:12.000000Z"}, {"uuid": "87b6c995-44c2-492d-8125-361f20b73267", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://t.me/ctinow/175136", "content": "https://ift.tt/iGUYPgI\nCVE-2019-11043 | PHP up to 7.1.32 FPM fpm_main.c env_path_info Underflow out-of-bounds write", "creation_timestamp": "2024-01-29T10:11:49.000000Z"}, {"uuid": "63219c19-8a66-465e-b609-4ca98bbfc240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "Telegram/j_k3S9f-sskQk7kgO6EZwRBqM4LKw8yIawNAdIka5GDxFA", "content": "", "creation_timestamp": "2019-10-28T06:42:10.000000Z"}, {"uuid": "be729a0e-ecb0-4f57-9abc-2c6f00b0321c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/true_secator/3091", "content": "\u0422\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c QNAP, \u043f\u043e\u0445\u043e\u0436\u0435 \u0447\u0442\u043e, \u043d\u0430\u0448\u0435\u043b \u043f\u0440\u0438\u0447\u0438\u043d\u0443 \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u0441\u0432\u043e\u0438\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449 (NAS). \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0441\u0435\u0439\u0447\u0430\u0441 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u0441\u0442\u0430\u0434\u0438\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 PHP \u0442\u0440\u0435\u0445\u043b\u0435\u0442\u043d\u0435\u0439 \u0434\u0430\u0432\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a RCE.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 PHP 7.1.x \u043d\u0438\u0436\u0435 7.1.33, 7.2.x \u043d\u0438\u0436\u0435 7.2.24 \u0438 7.3.x \u043d\u0438\u0436\u0435 7.3.11 \u0441 \u043a\u0440\u0438\u0432\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439 nginx (\u0441 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438, \u043e\u0442\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u043e\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e)\u00a0.\n\n\u041e\u043d\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a\u00a0CVE-2019-11043\u00a0\u0438 \u0438\u043c\u0435\u0435\u0442 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8 \u0438\u0437 10 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 CVSS.\u00a0\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f, \u0447\u0442\u043e\u0431\u044b Nginx \u0438 php-fpm \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0438 \u0432\u044b\u0448\u0435): QTS 5.0.x; QTS 4.5.x; Hero QuTS h5.0.x; Hero QuTS h4.5.x, \u0430 \u0442\u0430\u043a\u0436\u0435 QuTScloud c5.0.x.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432 QTS, QuTS hero \u0438\u043b\u0438 QuTScloud \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d nginx, QNAP NAS \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u041e\u0421 QTS 5.0.1.2034 build 20220515 \u0438 Hero QuTS h5.0.0.2069 \u0441\u0431\u043e\u0440\u043a\u0430 20220614.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 QNAP\u00a0\u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0432\u043e\u043b\u043d\u044b \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware DeadBolt,\u00a0\u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 QNAP NAS, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 QTS 4.x.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u0431\u043e\u0440\u043e\u0442\u044c\u0441\u044f \u0441 DeadBolt, \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 NAS \u0441 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0445 \u043d\u0430\u0447\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438  ech0raix, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0442\u0447\u0435\u0442\u0430\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u043e\u0431\u0440\u0430\u0437\u0446\u0430\u043c, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u00a0ID Ransomware. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0435\u043a\u0442\u043e\u0440 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0432 \u043d\u043e\u0432\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445 DeadBolt \u0438 ech0raix, \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c.\n\n\u0414\u043e \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u0432\u044b\u044f\u0441\u043d\u0435\u043d\u0438\u044f \u0432\u0441\u0435\u0445 \u043e\u0431\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u0441\u0442\u0432 QNAP \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u043d\u043e\u0432\u0435\u0439\u0448\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c QTS \u0438\u043b\u0438 QuTS hero, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043e\u0442 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442. \u0415\u0441\u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438\u043c\u0435\u044e\u0442 \u0442\u0430\u043a\u0438\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f, \u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u0438 \u043f\u043e\u0440\u0442\u043e\u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u0438 UPnP QNAP NAS.\n\n\u0411\u0443\u0434\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430\u043c\u0438 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f.", "creation_timestamp": "2022-06-23T12:08:41.000000Z"}, {"uuid": "ebdce4eb-b87b-4939-a259-460f3d4b2c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/510", "content": "CVE-2019-11043 \ud83d\udd25\n\nA new RCE flaw in PHP 7+ could allow attackers to hack sites running on Nginx with php-fpm enabled on certain configurations\u2014which is reportedly not uncommon.\n\nRead Details \u27a4 https://t.co/coTu2lh1bK\n\n\u27a1\ufe0f PHP released patches\n\u27a1\ufe0f Researcher released PoC exploit", "creation_timestamp": "2019-10-26T21:53:44.000000Z"}, {"uuid": "68215acc-f6fc-453c-9c99-593217378186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://t.me/xakep_ru/8065", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 PHP7 \u0443\u0433\u0440\u043e\u0436\u0430\u0435\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 nginx\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0432 PHP7 (CVE-2019-11043), \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 nginx \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 PHP-FPM.\n\nhttps://xakep.ru/2019/10/28/php7-rce/", "creation_timestamp": "2019-10-28T18:50:06.000000Z"}, {"uuid": "ad3f5f19-48b9-425e-b1f9-881df3b3e872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/6100", "content": "CVE-2019-11043-Docker\nhttps://github.com/akamajoris/CVE-2019-11043-Docker", "creation_timestamp": "2019-10-26T23:01:30.000000Z"}, {"uuid": "af65ec3a-412a-47f3-bcfe-9140a71145d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/DC8044_Info/454", "content": "CVE-2019-11043-Docker\nhttps://github.com/akamajoris/CVE-2019-11043-Docker", "creation_timestamp": "2019-11-02T10:08:58.000000Z"}, {"uuid": "3c05d61c-e958-49c8-8de3-82e6ba2f1741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "exploited", "source": "https://t.me/SecLabNews/6085", "content": "\u0412 \u0432\u0435\u0442\u043a\u0435 PHP 7 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2019-11043), \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 URL.\n\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 PHP7 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0435\u0442 \u0441\u0430\u0439\u0442\u044b \u0440\u0438\u0441\u043a\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u0437\u043b\u043e\u043c\u0430", "creation_timestamp": "2019-10-27T11:21:25.000000Z"}, {"uuid": "d99907e0-ccaa-4d42-b941-429b3ae0c993", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "seen", "source": "https://t.me/CNArsenal/253", "content": "cve-2019-11043\n\nUrl/index.php?a=id", "creation_timestamp": "2022-09-09T04:10:08.000000Z"}, {"uuid": "f1be45e1-9b7b-4f6f-aea0-d5a8c4c51d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/494", "content": "#exploit\n1. CVE-2019-11043:\nPHP-FPM RCE Exploit\nhttps://github.com/kriskhub/CVE-2019-11043\n\n2. OAMBuster - Multithreaded exploit for CVE-2018-2879\nhttps://www.redtimmy.com/blog/page/21\n]-&gt; Multithreaded Padding Oracle Attack on Oracle OAM (CVE-2018-2879):\nhttps://github.com/redtimmy/OAMBuster", "creation_timestamp": "2024-10-14T21:03:55.000000Z"}, {"uuid": "fc14c0ea-cea6-4b89-af60-06f9f3456dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-11043", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/7695", "content": "\u274c PHP Bug Allows Remote Code-Execution on NGINX Servers \u274c\n\nCVE-2019-11043 is trivial to exploit -- and a proof of concept is available.\n\n\ud83d\udcd6 Read\n\nvia \"Threatpost\".", "creation_timestamp": "2019-10-28T17:20:48.000000Z"}]}