Vendor Phpunit Phpunit Src Util Php Eval-stdin.php Cve Jun 2026

| Item | Value |
|------|-------|
| Vulnerability | Remote Code Execution (RCE) |
| CVE | CVE-2017-9841 |
| Affected File | `vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php` |
| Attack Vector | HTTP POST to that file with PHP code in body |
| Patch | Remove PHPUnit from production / upgrade to PHPUnit ≥ 7.0 |
| Detection | `grep -r "eval-stdin" /var/www` / web logs for POST to that URI |
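
The web-log half of the Detection row above, as an added example (not code from the original page): a Python triage pass over access logs for requests to `eval-stdin.php`. The combined log format, the verdict labels and the sample lines are assumptions of this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(method, status):
    """Triage labels are this example's own heuristic, not from the page."""
    if method == "POST" and 200 <= status < 300:
        return "investigate"  # the server answered a POST to the script
    if method == "POST":
        return "probe-post"   # POST attempted, but denied or file absent
    return "probe"            # other methods: checking whether the file exists

def find_hits(lines):
    """Return one dict per request whose path ends in /eval-stdin.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format
        # Drop the query string, decode %-escapes, ignore case before matching.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not path.endswith("/eval-stdin.php"):
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                     "status": status, "verdict": classify(m["method"], status)})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
URI = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:03:14:07 +0000] "POST {URI} HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.9 - - [01/Jan/2024:03:15:10 +0000] '
    '"POST /vendor/phpunit/phpunit/src/Util/PHP/eval%2Dstdin.php HTTP/1.1" 404 153 "-" "-"',
    f'198.51.100.9 - - [01/Jan/2024:03:15:11 +0000] "GET {URI.upper()}?a=1 HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.44 - - [01/Jan/2024:03:16:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

An `investigate` verdict only shows that the server returned 2xx to a POST; the `grep` from the table confirms whether the file is actually present under the webroot.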

in production:

The vulnerability exists in a specific file: `vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`.

The Vulnerability Anatomy

Marta checked the commit logs. The eval-stdin.php file had been added with a message: “quick helper for debugging.” The author’s name was unfamiliar; a contractor perhaps, long since gone. The patch had slipped through because the CI pipeline was lax—no static analysis gates, no policy to forbid evals in deployed artifacts. She copied the file into a sandbox and drew a line through it with her editor.

( .htaccess or vhost):

Short term (hours–days)

```
POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
Host: target-vulnerable-server.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 19
```

The Execution Lifecycle

Below is a detailed breakdown of this CVE, its impact, exploitation, and remediation.