was released on GitHub to automate the exploit. It works by sending a specially crafted URL containing to trigger an env-var overwrite. Availability : A Metasploit module ( php_fpm_rce ) is also available for testing this vulnerability. CVE-2020-7070 (HTTP Cookie Injection)
docker run -d -p 80:80 php:7.2.34-apache php 7.2.34 exploit github