We provide guidance on using NGINX to mitigate the recently discovered vulnerability in PHP-FPM (CVE-2019-11043). The vulnerability is triggered when the PATH_INFO variable passed to PHP-FPM with an invalid value, which can happen in a common NGINX configuration.
![](https://www.nginx-cn.net/wp-content/uploads/2024/05/nginx-cn.net_弹窗图_-_560x666-1.png)