PHPUnit-RCE

PHPunit Remote code execution Infected Versions : before 4.8.28 and 5.x before 5.6.3

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3

It allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
PHPunit-RCE.php		PHPunit-RCE.php
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PHPunit-RCE.php

PHPunit-RCE.php

README.md

README.md

Repository files navigation

PHPUnit-RCE

About

Releases

Packages

Languages

h3x0crypt/PHPUnit-RCE

Folders and files

Latest commit

History

PHPunit-RCE.php

PHPunit-RCE.php

README.md

README.md

Repository files navigation

PHPUnit-RCE

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages