Lucene search
MitreCVELIST:CVE-2017-9841HistoryJun 27, 2017 - 5:00 p.m.
CVE-2017-9841
2017-06-2717:00:00
mitre
www.cve.org
1
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
References
web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/
www.securityfocus.com/bid/101798
www.securitytracker.com/id/1039812
github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5
github.com/sebastianbergmann/phpunit/pull/1956
security.gentoo.org/glsa/201711-15
www.oracle.com/security-alerts/cpuoct2021.html
Related
cisa_kev
cisa_kev
PHPUnit Command Injection Vulnerability
2022-02-15 00:00:00
prion
prion
Code injection
2017-06-27 17:29:00
osv
osv
CVE-2017-9841
2017-06-27 17:29:00
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
2020-01-07 17:20:47
wpexploit
wpexploit
Multiple Plugins - Unauthenticated RCE via PHPUnit
2017-08-26 00:00:00
packetstorm
packetstorm
PHP Unit 4.8.28 Remote Code Execution
2022-02-02 00:00:00
friendsofphp
friendsofphp
RCE vulnerability in phpunit
2016-11-13 17:52:50
RCE vulnerability in phpunit
2016-11-13 17:52:50
nuclei
nuclei
PHPUnit - Remote Code Execution
2020-08-07 08:02:28
openvas
openvas
PHPUnit 'CVE-2017-9841' RCE Vulnerability (HTTP) - Active Check
2018-04-14 00:00:00
Mageia: Security Advisory (MGASA-2017-0429)
2022-01-28 00:00:00
qualysblog
qualysblog
Risk Fact #4: Malware in your Cloud means Exploitation is underway
2023-08-29 08:02:57
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
wpvulndb
wpvulndb
Multiple Plugins - Unauthenticated RCE via PHPUnit
2017-08-26 00:00:00
zdt
zdt
PHP Unit 4.8.28 - Remote Code Execution (Unauthenticated) Exploit
2022-02-02 00:00:00
github
github
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
2020-01-07 17:20:47
ubuntucve
ubuntucve
CVE-2017-9841
2017-06-27 00:00:00
checkpoint_advisories
checkpoint_advisories
PHPUnit Command Injection (CVE-2017-9841)
2019-11-04 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-06-28 01:33:54
nvd
nvd
CVE-2017-9841
2017-06-27 17:29:00
nessus
nessus
GLSA-201711-15 : PHPUnit: Remote code execution
2017-11-20 00:00:00
Drupal PHPUnit/Mailchimp Code Execution Vulnerability
2019-09-06 00:00:00
thn
thn
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
2023-11-03 13:12:00
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
2024-03-21 12:48:00
hackerone
hackerone
8x8: Exposed PHP dependencies at ββ.8x8.com
2021-03-22 17:56:43
debiancve
debiancve
CVE-2017-9841
2017-06-27 17:29:00
gentoo
gentoo
PHPUnit: Remote code execution
2017-11-19 00:00:00
impervablog
impervablog
The Resurrection of PHPUnit RCE Vulnerability
2020-02-18 18:27:41
CrimeOps of the KashmirBlack Botnet β Part I
2020-10-22 13:07:28
attackerkb
attackerkb
CVE-2017-9841
2017-06-27 00:00:00
cve
cve
CVE-2017-9841
2017-06-27 17:29:00
exploitdb
exploitdb
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
2022-02-02 00:00:00
threatpost
threatpost
Threatlist: Hackers Turn to Python as Attack Coding Language of Choice
2018-09-27 20:08:07
ics
ics
Known Indicators of Compromise Associated with Androxgh0st Malware
2024-01-16 12:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2017-11-29 21:52:42
cisa
cisa
CISA Adds Nine Known Exploited Vulnerabilities to Catalog
2022-02-15 00:00:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2017-11-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00