PHP 7.2.34 Exploit GitHub [2021]

You can find the original exploit here. It is highly automated and allows a user to achieve Remote Code Execution (RCE) on Nginx servers running PHP-FPM.

Perhaps the most impactful vulnerability for attackers is the ability to bypass PHP's disable_functions security directive. This directive is often used in shared hosting environments to block dangerous functions like exec(), system(), or passthru(). A use-after-free (UAF) vulnerability in the PHP engine allowed specially crafted backtraces to bypass these restrictions, enabling a user to execute arbitrary system commands.

You can use the Qualys Web Application Scanner to check if your configuration is at risk.

Vulnerabilities Specific to PHP 7.2.34

A more complex vulnerability was discovered in the openssl_encrypt() function. When using the AES-CCM encryption mode with a 12-byte Initialization Vector (IV), PHP incorrectly used only the first 7 bytes of the provided IV. For an attacker, this oversight can significantly weaken the encryption, potentially allowing them to manipulate encrypted data or recover the encryption key under certain conditions.
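A self-test for the IV handling described above, added here as an example and not taken from the original page or from the PHP project. It assumes decryption goes through the same IV setup as encryption, so a build that ignores bytes 8 to 12 of the IV will still decrypt after one of those bytes is changed; the function name and sample plaintext are constructed for illustration.

```php
<?php
// Added example: checks whether this PHP build uses all 12 IV bytes in AES-CCM.
// Returns true when every IV byte affects decryption, false when the trailing
// bytes are ignored (the behaviour described for CVE-2020-7069).
function ccm_iv_fully_used(): bool
{
    $cipher    = 'aes-128-ccm';
    $plaintext = 'constructed sample plaintext';   // constructed test input
    $key       = random_bytes(16);
    $iv        = random_bytes(12);                 // the 12-byte IV case from the text
    $tag       = '';

    $ct = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag, '', 16);
    if ($ct === false) {
        throw new RuntimeException("$cipher unavailable: " . openssl_error_string());
    }

    // Sanity check: the untouched IV must decrypt and authenticate.
    if (openssl_decrypt($ct, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag) !== $plaintext) {
        throw new RuntimeException('round trip with the original IV failed');
    }

    // Change one bit in each of IV bytes 8..12 (offsets 7..11). With a correct
    // build the CCM tag check fails and openssl_decrypt() returns false.
    for ($i = 7; $i < 12; $i++) {
        $altered     = $iv;
        $altered[$i] = chr(ord($altered[$i]) ^ 0x01);
        $pt = openssl_decrypt($ct, $cipher, $key, OPENSSL_RAW_DATA, $altered, $tag);
        if ($pt !== false) {
            return false;   // byte $i + 1 of the IV had no effect
        }
    }
    return true;
}

if (PHP_SAPI === 'cli') {
    echo PHP_VERSION, ': ',
        ccm_iv_fully_used() ? "all 12 IV bytes are used\n"
                            : "trailing IV bytes are ignored, upgrade PHP\n";
}
```

Data already encrypted on a build that fails this check was protected with a shorter effective nonce than intended, so nonce-uniqueness assumptions for that data should be reviewed after upgrading.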

+-------------------------------------------------------------+
|               PRE-patched PHP 7.2 Environment               |
|                                                             |
|  [Incoming HTTP Cookie] -----> URL-Decoded Name Bypass      |
|                                (CVE-2020-7070)              |
|                                                             |
|  [OpenSSL Encrypt Routine] --> Truncated 7-byte IV State    |
|                                (CVE-2020-7069)              |
+-------------------------------------------------------------+

CVE-2020-7070: HTTP Cookie Name Spoofing

You can find the original exploit here.

For educational purposes, here is an example of a simple exploit for the PHP 7.2.34 vulnerability:


For system administrators and security teams, the message is clear. The first line of defense is to eliminate the risk entirely by migrating to a supported PHP version. If legacy systems are unavoidable, a combination of a WAF, strict privilege separation, and continuous monitoring for malicious activity is essential. For penetration testers and security researchers, the exploits and frameworks discussed here provide a comprehensive toolkit for assessing the security posture of legacy PHP applications, serving as a reminder of the continuous cat-and-mouse game between attackers and defenders.