If you are running php-cgi, there is a major vulnerability that will allow attackers to view and run PHP source code on your site.
Resources on the vulnerability:
- Many nginx setups use php-cgi, so it is critical to patch PHP to the latest version or apply the recommended fixes through Apache Rewrite.
- Mod_php and php-fpm systems are not vulnerable to this attack. Most Apache web server setups use the mod_php method for PHP.