Skip to content

h3x0crypt/PHPUnit-RCE

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 

Repository files navigation

PHPUnit-RCE

PHPunit Remote code execution Infected Versions : before 4.8.28 and 5.x before 5.6.3

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3

It allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

About

PHPunit Remote code execution

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages