cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php Not Found
Access logs errors "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" when using Nginx without PHP.
I received a message from my hosting provider today, stating that a file in the Mailchimp libraries directory is malicious: /public_html/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php.
One week before Christmas 2017, I received an email with the following subject: "A file from Sebastian Bergmann PHP Unit leads to total failure" (sic).
Util/PHP/eval-stdin.php in PHPUnit starting with 4.8.19 and before 4.8.28, as well as 5.x before 5.6.3, allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a <?php substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external...
If so, then possibly all versions of PHPUnit that contain eval-stdin.php are affected. Keep in mind that you may be unknowingly using a vulnerable module that third parties developed with the PHPUnit framework without removing it before publishing to production.
Installing PHPUnit and writing a first test. To begin, you need to install PHP version 7.2+ and composer.
My webserver is constantly under attack by attempted use of PHP vulnerabilities and through the use of GET requests. How concerned should I be that I have been compromised, and how could I check, as some of the requests returned 302 and some returned 200?
Tried: I tried updating file permissions to 755 and 644, config.php, .htaccess, a normalized SQL database, the modsec module is enabled, Apache status shows no problems, and changed rule sets in modsecurity_crs_10_config.