CVE-2017-9841: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEVITWEXPLOIT

CISA Known Exploited Vulnerabilitydue 2022-08-15

Exploited in the wild

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
debian	phpunit	< phpunit 5.4.6-2 (bookworm)	phpunit 5.4.6-2 (bookworm)
drupal	drupal	—	—
oracle	communications_diameter_signaling_router	8.0.0 – 8.5.0	—
phpunit	phpunit	>= 4.8.19 < 4.8.28	4.8.28
phpunit	phpunit	>= 5.0.10 < 5.6.3	5.6.3
phpunit_project	phpunit	<= 4.8.27	—
phpunit_project	phpunit	>= 0 < 5.4.6-2	5.4.6-2
phpunit_project	phpunit	>= 0 < 5.4.6-2	5.4.6-2
phpunit_project	phpunit	>= 0 < 5.4.6-2	5.4.6-2
phpunit_project	phpunit	>= 0 < 5.4.6-2	5.4.6-2
phpunit_project	phpunit	>= 5.0.0 < 5.6.3	5.6.3
prestashop	autoupgrade	>= 4.0.0 < 4.10.1	4.10.1
prestashop	gamification	>= 0 < 2.3.2	2.3.2
prestashop	ps_facetedsearch	>= 0 < 3.4.1	3.4.1

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ghsa9.8CRITICAL

osv9.8CRITICAL

vulncheck9.8CRITICAL

cisa9.8CRITICAL