'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: phpstudy_nginx_parsing_vul(Rule ID:1070210139)

Release Date2025/9/15

Rule NamePhpStudy Nginx Parsing Vulnerability

Severity:critical

CVE ID

 

Descripiton

phpStudy is a program integration package for PHP debugging environment. The package integrates the latest Apache+PHP+MySQL+phpMyAdmin+ZendOptimizer, one-time installation, and can be used without configuration. It is a very convenient and easy-to-use PHP debugging environment. phpStudy has an nginx parsing vulnerability. Attackers can use the upload function to upload legitimate file types containing malicious code to the server, thereby causing the impact of arbitrary code execution. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.