(CVE-2017-9841) PHPUnit_eval-stdin_php Remote Code Execution. A code injection vulnerability in PHPUnit, a PHP unit testing framework which part of the Mailchimp , Mailchimp E-Commerce moduels in Drupal The vulnerability within the /phpunit/src/Util/PHP/eval-stdin.php file through its...
Access logs errors "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" when using Nginx without PHP.
There is an extra reason to remove the phpunit files of the 1.0.5 library: /sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/alexusMailer_v2.0.php is actively being used to send spam from your server.
Если это так, то, возможно, затронуты все версии PHPUnit, содержащие eval-stdin.php. Имейте в виду, что вы можете неосознанно использовать уязвимый модуль, разработанный третьими лицами с помощью фреймворка PHPUnit, не удаляя его перед публикацией в продакшен.
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed
0x01 vulnerability introduction. PHPUnit is a PHP test framework for programmers. Util/PHP/eval-stdin.phpThe remote attacker allows remote attackers before the PHPUNIT and 5.6.3 before 4.8.28...
Ошибки журнала доступа "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" при использовании Nginx без PHP. Я используя Nginx в качестве веб-сервера и не устанавливая PHP и модули на машины. Когда я проанализировал журналы доступа, я получил следующее
It basically allows you to include the userspice PHP file and then control access to a certain PHP page. As I have seen some spikes in my log management about 404 requests I was getting curious and decided to look at the apache logs directly.
CVE-2017-9841 Detail. Description. Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e...