Remote Code Execution in PHPUnit by Sebastian Bergmann
CVE-2017-9841

9.8CRITICAL

Key Information:

Vendor: PHPunit Project
Status: PHPunit
Vendor: CVE Published:; 27 June 2017

🔔 Create PHPunit Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 94%🦅 CISA Reported

What is CVE-2017-9841?

A vulnerability in PHPUnit's eval-stdin.php script prior to versions 4.8.28 and 5.6.3 permits remote attackers to execute arbitrary PHP code. This occurs through crafted HTTP POST requests containing PHP code snippets that initiate execution, particularly when /vendor folders are publicly accessible. This flaw underscores the importance of securing sensitive directories and maintaining up-to-date software versions to protect against exploitation.

CISA has reported CVE-2017-9841

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2017-9841 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

phpunit-brute
Created by RandomRobbieBF

laravel-phpunit-rce-masscaner
Created by incogbyte

PHPUnit_eval-stdin_RCE
Created by ludy-dev