Product

Frankenphp

1 brief RSS

FrankenPHP Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

Two distinct flaws in the `splitPos()` function in `cgi.go` allows an attacker to mislead FrankenPHP into treating a non-`.php` file as a `.php` script, leading to remote code execution where the attacker can control file content.

frankenphp unicode remote code execution web server

2r 1t 1c 1h ago