https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx with an exploit available at https://github.com/neex/phuip-fpizdam. Quick look over points to weakness in the code base.