Hubzilla installations under #Nginx
can be affected.
Fixed in latest #PHP
7.3.11, 7.2.24 and 7.1.33.
As temporary solution add
try_files $fastcgi_script_name =404;
instruction right after
fastcgi_split_path_info ... PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise - Wallarm Blog
An unusual PHP script was found during an hCorem Capture the Flag task, revealing millions of everyday users are vulnerable to attack. Learn the deep tech.
!Hubzilla Support Forum