CVE-2017-9841
PHPUnit Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
15 feb 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
100.0%EPSS · 30 días100.0%
2026-06-302026-07-16
Producto
PHPUnit / PHPUnit
Vulnerabilidad
PHPUnit Command Injection Vulnerability
Añadido a KEV
15 feb 2022
Remediar antes de
15 ago 2022
Uso conocido en ransomware
No
Descripción resumida
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2017-9841
Sin CVEs relacionados por CWE o producto.