Hubzilla installations under #
Nginx can be affected.
Fixed in latest #
PHP 7.3.11, 7.2.24 and 7.1.33.
As temporary solution add
try_files $fastcgi_script_name =404; instruction right after
fastcgi_split_path_info ... PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise - Wallarm Blog
An unusual PHP script was found during an hCorem Capture the Flag task, revealing millions of everyday users are vulnerable to attack. Learn the deep tech.
!
Hubzilla Support Forum#
security
