What exactly does eval-stdin.php do? Let’s look at the source code that historically shipped with PHPUnit versions before 4.8.28 and 5.6.3:
If eval-stdin.php is exposed to the public internet (especially in a vendor/ folder inside the web root), an attacker can send PHP code to it and have it executed on the server, leading to:
find . -path "*/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"

This vulnerability allows an unauthenticated attacker to execute arbitrary PHP code on a web server.

The Anatomy of the Vulnerability (CVE-2017-9841)

The flaw exists because the eval-stdin.php