Open saschafoerster opened 4 years ago
I think it might be OK since it includes a try_files
directive, though not sure if that would need to be tightened since it includes $args
?
I don't have a way to test since I use nginx only as a reverse proxy to Apache, which handles php with mod_php
instead of php-fpm
. However if someone's using nginx+php-fpm, they can test to see if it's vulnerable with this PoC:
The config is here: https://github.com/wallabag/docker/blob/f86d945624865dcb4fa1d2d6a53b54b77285221b/root/etc/nginx/nginx.conf
If someone can test if the config is vulnerable 👍
Some days ago, vulnerabilities in certain Nginx-configs have been reported: https://nvd.nist.gov/vuln/detail/CVE-2019-11043 https://bugs.php.net/bug.php?id=78599 https://de.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx
I am not shure, if wallabags configuration is unsafe, but it resembles in some way to described fields of problems: https://github.com/wallabag/wallabag/blob/master/docker/nginx/nginx.conf, for instance it contains: "fastcgi_split_path_info ^(.+?.php)(/.*)$;"