PHP-FPM vulnerability that allows remote code execution on the server
The PHP developers have issued corrective releases, PHP 7.3.11, 7.1.33, and 7.2.24, that eliminate a critical vulnerability (CVE-2019-11043) in the PHP-FPM (FastCGI Process Manager) extension that allows an attacker to remotely execute code on the system. A working exploit is already publicly available for attacking servers that run PHP scripts through PHP-FPM in association with Nginx.
How do I test the server for the vulnerability?
It is sufficient to check whether you are using PHP-FPM and which PHP interpreter version is in operation. If your PHP version is lower than the corrective release for its branch (7.3.11, 7.1.33, or 7.2.24), your server is vulnerable.
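The version check described above can be scripted. The following is an added example, not code from the PHP project: the function name `classify_php_version` is hypothetical, the sample banners are constructed, and the handling of branches outside 7.1 to 7.3 is an assumption noted in the comments.

```shell
#!/bin/sh
# Classify a PHP version against the corrective releases named in the
# advisory for CVE-2019-11043: 7.1.33, 7.2.24 and 7.3.11.
# Input:  a bare version ("7.2.19") or the first line printed by `php-fpm -v`.
# Output: "vulnerable", "patched" or "unknown" on stdout.
# Caveat: distribution packages can carry backported fixes under an older
# upstream version number, so confirm a "vulnerable" result with the vendor.
classify_php_version() {
    # Extract the first major.minor.patch triple (drops suffixes like -0ubuntu1).
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        7.1) fixed=33 ;;
        7.2) fixed=24 ;;
        7.3) fixed=11 ;;
        *)
            # Assumption: branches older than 7.1 are lower than every
            # corrective release and are flagged; newer branches are not.
            if [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -lt 1 ]; }; then
                echo vulnerable
            else
                echo patched
            fi
            return ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Constructed sample inputs (not captured from a real host).
for banner in \
    'PHP 7.2.19 (fpm-fcgi) (built: Jun  1 2019 10:00:00)' \
    'PHP 7.3.11 (fpm-fcgi) (built: Oct 24 2019 10:00:00)' \
    '7.1.32'; do
    printf '%-55s %s\n' "$banner" "$(classify_php_version "$banner")"
done
```

On a real host, pass it the first line of `php-fpm -v`; the binary name varies by distribution, and the result only matters if PHP-FPM is actually serving requests.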