Product
medium
threat
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPsIdentifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Elastic Defend +43
persistence
initial-access
vulnerability
linux
2r
3t
high
advisory
FrankenPHP Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
2 rules 1 TTP 1 CVETwo distinct flaws in the `splitPos()` function in `cgi.go` allows an attacker to mislead FrankenPHP into treating a non-`.php` file as a `.php` script, leading to remote code execution where the attacker can control file content.
frankenphp
unicode
remote code execution
web server
2r
1t
1c