This article comes from a post by CAT, the moderator of the Global Hosting Forum: Jun Ge’s lnmp0.7 one-click installation package has a statement error in the installation script, which does not solve the PHP PATH_INFO vulnerability.
Solution: Download the php.ini file (/usr/local/php/etc/php.ini)
Search:
cgi.fix_pathinfo
Original code:
; cgi.fix_pathinfo=0
Exit the comment!
Alternatively, there is an easier way, log in via SSH and run the following code:
sed -i ‘s/; cgi.fix_pathinfo=0/cgi.fix_pathinfo=0/g’ /usr/local/php/etc/php.ini
Original address: http://www.hostloc.com/thread-60433-1-1.html
Vulnerability introduction: http://blog.s135.com/nginx_0day/
Reminder Friends who use the LNMP one-click installation package to build an environment, please hurry up to solve this problem!
postid
22680