Fast fix for Nginx, PHP-FPM Remote Code Execution (CVE-2019-11043)
This bug (CVE-2019-11043) only applies to configurations where the following code is present in the location directive:fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
There is also a go test application to see if your server is vulnerable:
https://github.com/neex/phuip-fpizdam
In front of the fastcgi_split_path_info command, insert the following directive:try_files $uri =404;