Vendor Phpunit Phpunit Src Util: Php Eval-stdin.php Cve Portable

Based on the keywords provided, you are referring to a specific security vulnerability in involving the file phpunit/src/Util/PHP/eval-stdin.php .

Alternatively, download the patched version of PHPUnit from the official GitHub repository: vendor phpunit phpunit src util php eval-stdin.php cve

This line reads the raw body of an HTTP request (via php://input ) and executes it using the eval() function. If the /vendor folder is publicly accessible from the web, anyone can send a crafted POST request to execute arbitrary code on your server. PHPUnit 4.x: Prior to version 4.8.28 PHPUnit 5.x: Prior to version 5.6.3 Exploitation Example CVE-2017-9841 Detail - NVD Based on the keywords provided, you are referring