PHPUnit Unauthenticated Remote Code Execution

PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data. No authentication is required for successful exploitation of this vulnerability.

CVE : CVE-2017-9841

Vulnerable endpoint : /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Affected versions : Before 4.8.28 and 5.x before 5.6.3

Recommendations for Mitigation : Upgrade your software to the latest non-vulnerable version.
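To check your own deployment against the version ranges and endpoint given above, the following added example (not code from the original page or from PHPUnit) audits a `composer.lock` for an affected `phpunit/phpunit` entry and picks out access-log lines that record a POST to the endpoint. The function names are hypothetical, the sample lock file and log lines are constructed, and the log format is assumed to be the common/combined access-log style.

```python
import json
import re

# Endpoint path and version ranges come from the advisory above.
ENDPOINT = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"

def parse_version(text):
    """Turn '5.6.2' or 'v4.8.27' into an int tuple; None if there are no digits (e.g. 'dev-master')."""
    nums = re.findall(r"\d+", text.split("-")[0])[:3]
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums)) if nums else None

def is_affected(version):
    """True if the version is before 4.8.28, or is 5.x before 5.6.3."""
    v = parse_version(version)
    if v is None:
        return False  # branch aliases cannot be compared; review those by hand
    return v < (5, 6, 3) if v[0] == 5 else v < (4, 8, 28)

def audit_lock(lock_text):
    """Return (section, version) for each affected phpunit/phpunit entry in composer.lock."""
    lock = json.loads(lock_text)
    return [(section, pkg["version"])
            for section in ("packages", "packages-dev")
            for pkg in lock.get(section) or []
            if pkg.get("name", "").lower() == "phpunit/phpunit"
            and is_affected(pkg.get("version", ""))]

def endpoint_posts(log_lines):
    """Return access-log lines recording a POST to the advisory's endpoint."""
    pattern = re.compile(r'"POST \S*' + re.escape(ENDPOINT), re.IGNORECASE)
    return [line for line in log_lines if pattern.search(line)]

# Constructed sample inputs (not from the page).
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "monolog/monolog", "version": "1.23.0"}],
    "packages-dev": [{"name": "phpunit/phpunit", "version": "5.6.2"}],
})
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST ' + ENDPOINT + ' HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
    print(endpoint_posts(SAMPLE_LOG))
```

A finding in `packages-dev` still matters if the `vendor/` directory was deployed with development dependencies and is reachable from the web root.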
