This is NOT a CWP bug.
PHP Injection Attacks will happen whenever.
You need to have your php.ini secured, and run ModSecurity with the latest OWASP CRS ruleset.
Along with running the latest PHP version you choose, 8.1, 8.2, 8.3 or 8.4
You'll also need to configured the OWASP base rules for services you run on that server.
NOTE: The CWAF ruleset is dead, and the last update was over a year ago.
Which is sad, this was a great ruleset.
For the PHP Injection Attack that has been going around, there has been fixes here how to clean up your PHP-FPM.
Topic: [CRITICAL] Multiple CWP Servers Infected – Arbitrary PHP Code Execution via Publ (Read 2343 times)
