PHPUnit includes a utility script called eval-stdin.php. It was written to read PHP code from standard input (stdin) and execute it; the framework uses it to run tests in isolated child processes. That design is fine on a developer's machine, but if the file is reachable through a web server it becomes a remote code execution endpoint, because a web request is just another way of delivering input to it.
The script is only needed while running the test suite, so the simplest fix is to remove it from any deployed tree:

rm -f vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
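The rm -f command above only covers one known path. Composer projects often carry more than one copy of the file (nested vendor trees, old releases left beside the live one), so the following added example, which is not part of the original article or of PHPUnit, walks a whole web root, reports every copy, and can delete them. The directory layout it builds for the demo is constructed, as are the path names in it.

```python
"""Locate (and optionally remove) every copy of PHPUnit's eval-stdin.php
under a web root. Added example; the demo tree below is made up."""
import os
import tempfile
from pathlib import Path
from typing import List

TARGET = "eval-stdin.php"


def find_eval_stdin(webroot: str) -> List[str]:
    """Return every path under webroot whose filename is exactly
    eval-stdin.php, sorted for stable output. Symlinked directories are
    not followed, so a link pointing back up the tree cannot loop."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(webroot, followlinks=False):
        if TARGET in filenames:
            hits.append(os.path.join(dirpath, TARGET))
    return sorted(hits)


def remove_eval_stdin(webroot: str) -> List[str]:
    """Delete every copy found and return the list of removed paths."""
    removed = []
    for path in find_eval_stdin(webroot):
        os.remove(path)
        removed.append(path)
    return removed


def build_demo_tree() -> str:
    """Construct a throwaway web root containing two copies of the file:
    the canonical PHPUnit location and a stale copy inside an old release
    directory. This layout is invented for the demo."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel in (
        "vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
        "releases/2019-old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
    ):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // placeholder standing in for the real file\n")
    # A file with a merely similar name must not be matched or deleted.
    decoy = Path(root, "vendor/other/eval-stdin.php.bak")
    decoy.parent.mkdir(parents=True, exist_ok=True)
    decoy.write_text("")
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for hit in find_eval_stdin(root):
        print("found:", hit)
    print("removed:", remove_eval_stdin(root))
    print("remaining:", find_eval_stdin(root))
```

Run it against the real document root (for example find_eval_stdin("/var/www")) before and after the cleanup; an empty result after removal is the check that the rm actually covered every copy. Better still, stop installing development dependencies in production at all (composer install --no-dev), so the file never reaches the server.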
This vulnerability was formally assigned a CVE identifier. Although it was disclosed in 2017, it remains a persistent problem: legacy codebases still ship affected PHPUnit versions, poor deployment practices leave the vendor directory, development dependencies included, under a web-reachable path, and automated scanners request the file constantly, so any exposed copy is found quickly.
The logs told a story. An automated scanner had found the file two hours earlier. Twelve minutes later, someone, probably the same actor, sent a payload.
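The probe-then-payload sequence in those logs is easy to pick out automatically. The following added example, which is not part of the original article, scans Apache/nginx combined-format access log lines, flags every request whose path names eval-stdin.php, labels GET/HEAD as a probe and POST as an exploit attempt (the script only executes what arrives in the request body), and reports the gap between a client's first probe and its first POST. The log lines, IP addresses and timestamps are constructed for the demo.

```python
"""Flag requests for eval-stdin.php in web-server access logs.
Added example; SAMPLE_LOG is constructed, not a real capture."""
import re
from datetime import datetime
from typing import Dict, List, Optional

# Apache "combined" log format; nginx's default format has the same shape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Match the filename anywhere in the path, case-insensitively, including the
# percent-encoded dot some scanners use to slip past naive string filters.
FILE_RE = re.compile(r"eval-stdin(?:\.php|%2ephp)", re.IGNORECASE)

# Constructed sample: normal traffic from 203.0.113.7, a scanner at
# 198.51.100.23 that probes the file and returns twelve minutes later with a
# POST, and a second scanner that gets a 404 from a non-standard path.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Mar/2024:08:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Mar/2024:08:03:40 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 0 "-" "python-requests/2.31"
203.0.113.7 - - [14/Mar/2024:08:05:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Mar/2024:08:15:40 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 38 "-" "python-requests/2.31"
192.0.2.55 - - [14/Mar/2024:09:20:09 +0000] "GET /lib/phpunit/src/Util/PHP/Eval-Stdin.php HTTP/1.1" 404 196 "-" "zgrab/0.x"
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_hits(log_text: str) -> List[dict]:
    """Every request touching eval-stdin.php, in log order, with a label.
    A 404 still matters: it tells you who is scanning for the file."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and FILE_RE.search(rec["path"]):
            rec["label"] = "exploit_attempt" if rec["method"] == "POST" else "probe"
            hits.append(rec)
    return hits


def probe_to_exploit_seconds(hits: List[dict]) -> Dict[str, float]:
    """Per client IP, seconds between its first probe and its first POST
    (only for clients that did both): the pattern described above."""
    first_probe: Dict[str, datetime] = {}
    first_post: Dict[str, datetime] = {}
    for h in hits:
        bucket = first_post if h["label"] == "exploit_attempt" else first_probe
        bucket.setdefault(h["ip"], h["ts"])
    return {
        ip: (first_post[ip] - first_probe[ip]).total_seconds()
        for ip in first_post
        if ip in first_probe
    }


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]:%H:%M:%S} {h["ip"]:15} {h["label"]:15} '
              f'{h["method"]} {h["path"]} {h["status"]}')
    print(probe_to_exploit_seconds(hits))
```

A POST to the file that returns 200 with a non-zero response size is the line to treat as a confirmed execution rather than a probe, since the original script echoes whatever the evaluated code prints. When a real log shows that, the server should be considered compromised and investigated, not merely patched.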
The attacker sends a POST request to the endpoint with the PHP payload in the body:
Understanding this exploit is crucial for system administrators, security researchers, and developers who manage modern web applications.

Anatomy of the Exploit