Nginx Null Byte Code Execution
Impact: High
Description
Null byte character (ASCII 0x00) is allowed in the URL. If the user can control the contents of files on the server, this can result in the arbitrary PHP code execution.
Recommendation
Upgrade the Nginx.
References
👉 You might also like:
HTTP Protocol Stack Remote Code Execution Vulnerability (DOS) - CVE-2021-31166
Drupal 'Drupalgeddon2' Remote Code Execution - CVE-2018-7600
Nginx Code Execution due to Misconfiguration - Vulnerability
Vulnerable Nginx Version - Vulnerability
Last updated on February 15, 2021