GitHub - ludy-dev/PHPUnit_eval-stdin_RCE: (CVE-2017-9841)...
ludy-dev/PHPUnit_eval-stdin_RCE. This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
google chrome - Access logs errors... - Ask Ubuntu
Access logs errors "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" when using Nginx without PHP.
php - How to protect Malicious attack on django website - Stack Overflow
lib/phpunit/phpunit/Util/PHP/eval-stdin.php Not Found
FYI: Hackers tried to access my vendor folder : PHP
Vendor and your public files should be in separate directories and only the files which handle your web requests exposed. Also STDIN works for fetching raw HTTP requests. In CLI mode it fetches the command input, in CGI mode it fetches the body of the request and concurrent streams.
PHPUNIT remote code execution vulnerability... - Programmer Sought
PHPUnit is a PHP test framework for programmers. Util/PHP/eval-stdin.phpThe remote attacker allows remote attackers before the PHPUNIT and 5.6.3 before 4.8.28.<?phpThe HTTP POST data starts at the beginning of the substring executes any PHP code, such as the attack (ie, external access) that has...
php - Suspicious HTTP Requests in my logs - Information Security...
It basically allows you to include the userspice PHP file and then control access to a certain PHP page. As I have seen some spikes in my log management about 404 requests I was getting curious and decided to look at the apache logs directly.
Воскрешение уязвимости PHPUnit в Prestashop
Если это так, то, возможно, затронуты все версии PHPUnit, содержащие eval-stdin.php. Имейте в виду, что вы можете неосознанно использовать уязвимый модуль, разработанный третьими лицами с помощью фреймворка PHPUnit, не удаляя его перед публикацией в продакшен.
NVD - CVE-2017-9841
CVE-2017-9841 Detail. Description. Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e...
eval-stdin.php flagged as malware [#2946280] | Drupal.org
/public_html/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php. I checked the file content, and it appears to be ok
CVE-2017-9841 : Util/PHP/eval-stdin.php in PHPUnit before 4.8.28...
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed