| Item | Detail | |-------------------|--------| | | CVE-2017-9841 | | Component | PHPUnit eval-stdin.php | | Attack vector | HTTP request to vulnerable script | | Impact | Remote Code Execution (RCE) | | Fix | Update PHPUnit, remove file, block /vendor/ |
The CVE-2017-9841 saga taught the PHP community several painful lessons: vendor phpunit phpunit src util php eval-stdin.php cve
Attackers send a POST request to the vulnerable URI. If the server is misconfigured to allow public access to the /vendor directory, the code executes immediately. Vulnerability Details : CVE-2017-9841 | Item | Detail | |-------------------|--------| | |