Possible Arbitrary Code Execution with Null Bytes (Nginx + PHP)

Hi guys,

Just for your information, there is a security hole that may be
exploited by malicious users when PHP and older versions of nginx
(0.5., 0.6., 0.7 <= 0.7.65, 0.8 <= 0.8.37) are being used. And it has
been widely spread these days.

This vulnerability was found by Neal Poole and has been reported to Igor:
https://nealpoole.com/blog/2011/07/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/

I do agree with Igor that it’s not an issue of Nginx itself, but those
lazy system administrators should upgrade their Nginx to the latest
version right now.

Regards,
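
Added example, not part of the original message: a POSIX shell check that classifies an nginx version banner against the ranges listed above. It assumes "0.5." and "0.6." mean every 0.5.x and 0.6.x release; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Classify an nginx version against the ranges named in the post:
#   0.5.x, 0.6.x (assumed reading of "0.5., 0.6."), 0.7 <= 0.7.65, 0.8 <= 0.8.37

# Extract "X.Y.Z" from `nginx -v` style output ("nginx version: nginx/0.7.65").
nginx_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|.*nginx/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 if the version is in a listed range, 1 if not, 2 if unparseable.
is_affected() {
    v=$1
    case "$v" in
        ''|*[!0-9.]*|*.*.*.*|.*|*.|*..*) return 2 ;;  # not three numeric parts
        *.*.*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -eq 0 ] || return 1
    case "$minor" in
        5|6) return 0 ;;
        7) if [ "$patch" -le 65 ]; then return 0; fi ;;
        8) if [ "$patch" -le 37 ]; then return 0; fi ;;
    esac
    return 1
}

# Print a verdict for one banner. On a live host the banner comes from
# `nginx -v 2>&1`, because nginx writes its version to stderr.
check_banner() {
    ver=$(nginx_version_from_banner "$1")
    is_affected "$ver" && rc=0 || rc=$?
    case "$rc" in
        0) echo "AFFECTED: nginx $ver is in a listed range, upgrade" ;;
        1) echo "ok: nginx $ver is outside the listed ranges" ;;
        *) echo "unknown: could not parse a version from: $1" ;;
    esac
}

# Constructed sample banners, so the script runs without nginx installed.
for banner in 'nginx version: nginx/0.7.65' \
              'nginx version: nginx/0.8.38' \
              'nginx version: nginx/1.0.5'; do
    check_banner "$banner"
done
```

A version outside these ranges only means the release is not one the post lists; it says nothing about how PHP is configured behind it.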