CVE-2019-11043 Online Test

Test whether your website is vulnerable to CVE-2019-11043, a PHP-FPM vulnerability that affects websites using PHP-FPM to execute PHP pages and can lead to remote code execution. The test is based on phuip-fpizdam, and the URL to scan must target a .php file (e.g. index.php). The scan will not work for sensitive websites or for websites that are not using the Nginx web server.


How to fix CVE-2019-11043?

Upgrade your PHP version to the latest version:
PHP 7.1.33, PHP 7.2.24, PHP 7.3.11

Make sure to also use the try_files directive in the Nginx configuration to check whether the $uri variable resolves to a file and, if it does not, return a 404 error code:

location ~ [^/]\.php(/|$) {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    #...
}
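
A local check for both fix steps above, written as an added example (it is not part of the original page or of phuip-fpizdam): it compares a PHP version against the fixed releases listed here and flags location blocks that use fastcgi_split_path_info without a try_files ... =404 guard. The function names and the sample configuration are constructed for illustration, and the line-based parser assumes one directive per line.

```python
import re

# Fixed releases listed on this page, keyed by (major, minor) branch.
FIXED = {(7, 1): 33, (7, 2): 24, (7, 3): 11}

def php_is_patched(version):
    """True/False for the branches listed above, None for any other branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return None if fixed is None else patch >= fixed

def unguarded_php_locations(conf_text):
    """Return headers of location blocks that split PATH_INFO without try_files ... =404."""
    findings, stack = [], []          # stack holds [header, directives] per open block
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: '#' always starts a comment
        if line.endswith("{"):
            stack.append([line[:-1].strip(), []])
        elif line == "}" and stack:
            header, directives = stack.pop()
            splits = any(d.startswith("fastcgi_split_path_info") for d in directives)
            guarded = any(d.startswith("try_files") and "=404" in d for d in directives)
            if header.startswith("location") and splits and not guarded:
                findings.append(header)
        elif line and stack:
            stack[-1][1].append(line)
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = r"""
server {
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
    location ~ ^/app/.+\.php(/|$) {
        try_files $uri =404;   # guard from the fix described on this page
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
"""

if __name__ == "__main__":
    print(unguarded_php_locations(SAMPLE_CONF))
    print(php_is_patched("7.2.23"), php_is_patched("7.3.11"))
```

A None result from php_is_patched means the version is on a branch this page does not list, so it has to be checked against the PHP release notes instead.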