Description
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 6.5.5-1ubuntu2 |
| cosmic | not-affected | 6.5.5-1ubuntu2 |
| devel | not-affected | 6.5.5-1ubuntu2 |
| disco | not-affected | 6.5.5-1ubuntu2 |
| eoan | not-affected | 6.5.5-1ubuntu2 |
| esm-apps/bionic | not-affected | 6.5.5-1ubuntu2 |
| esm-apps/focal | not-affected | 6.5.5-1ubuntu2 |
| esm-apps/jammy | not-affected | 6.5.5-1ubuntu2 |
| esm-apps/noble | not-affected | 6.5.5-1ubuntu2 |
Source references
EPSS
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...
A vulnerability in the Util/PHP/eval-stdin.php component of the PHPUnit framework that allows an attacker to execute arbitrary PHP code