The bug (CVE-2019-11043) exists in the FastCGI directive used in some PHP implementations on NGINX servers. The issue is patched in PHP versions 7.3.11, 7.2.24 and 7.1.33, which were released last week. The bug can be exploited by sending specially crafted packets to the server by using the fastcgi_split_path directive and a regexp trick with newlines. Without patching, this issue can be a dangerous entry point into web applications.
Source: https://threatpost.com/php-bug-rce-nginx-servers/149593/