(CVE-2017-9841) PHPUnit eval-stdin.php Remote Code Execution.
Access logs errors "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" when using Nginx without PHP.
Someone might have tried to attack your website assuming it is built using PHP (it did not work; at least according to the logs you are fine). Mostly, if you followed good practices your site should be secure (Django makes it hard to build insecure ones).
I feel like this is a pretty big one and I’ve seen so many different variations all referring back to the same thing. Deploying a component, which is bundled with other software, which allows remote execution of arbitrary PHP code, seems kinda bad.
Stop serving .php files like they're 90's era scripts that live everywhere and anywhere. Set up a root directory for your application, and make it a sibling of your vendor folder, not a parent. This approach works for all webservers.
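As an added, defender-side example (not code from the original thread), this script scans nginx combined-format access-log lines for the request path quoted above, separating probes that were answered 404 (nothing to find) from probes the server actually served with a 2xx, which is the case that needs investigation. The log lines and IP addresses are constructed sample data.

```python
import re
from typing import Dict, List, Optional

# Constructed nginx combined-format access-log lines (sample data, not taken from the page).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2024:12:00:02 +0000] "POST /some-plugin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/8.0"
203.0.113.11 - - [10/Mar/2024:12:00:04 +0000] "POST /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 0 "-" "python-requests/2.31"
"""

# nginx "combined" format: remote_addr - remote_user [time_local] "request" status bytes "referer" "user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) '
)

# The fingerprint is the path suffix: scanners try many prefixes (vendor/, lib/,
# plugin directories) but the file they want always ends in Util/PHP/eval-stdin.php.
PROBE_SUFFIX = "/util/php/eval-stdin.php"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_eval_stdin_probe(path: str) -> bool:
    """True when the request path (query string ignored) targets eval-stdin.php."""
    return path.split("?", 1)[0].lower().endswith(PROBE_SUFFIX)


def find_probes(log_text: str) -> List[dict]:
    """Return every parsed request aimed at eval-stdin.php, with status as an int."""
    probes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_eval_stdin_probe(rec["path"]):
            rec["status"] = int(rec["status"])
            probes.append(rec)
    return probes


def served_probes(probes: List[dict]) -> List[dict]:
    """Probes answered 2xx: the file exists and was handed to PHP, so that host
    needs investigation. A 404 or 403 means the probe hit nothing."""
    return [p for p in probes if 200 <= p["status"] < 300]


if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for p in found:
        print(p["ip"], p["method"], p["status"], p["path"])
    print(f"{len(found)} probes, {len(served_probes(found))} served with 2xx")
```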
If that is the case, all PHPUnit versions that contain eval-stdin.php may be affected. Keep in mind that you may unknowingly be using a vulnerable third-party module that was developed with the PHPUnit framework and was not removed before publishing to production.
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 lets remote attackers execute arbitrary PHP code: the script executes whatever HTTP POST data begins with the substring "<?php", as demonstrated by an attack on a site with an exposed /vendor folder (i.e., one reachable from outside)...
The request path seen in the logs is vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php.
Logical vulnerabilities in PHP code are still the most dangerous and challenging to block. The InfiniteWP Client plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server and versions < 1.9.4.5 were affected by an authentication bypass.
CVE-2017-9841 Detail. Description. Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e...