SUSE CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

Year in Review: Vulnerabilities old and new and something React2

Speed and age shouldn't be allowed to pair up, but that is the theme of the Talos 2025 Year in Review vulnerability findings. Figure 1. React/React2Shell 2025 at the top, with PHPUnit 2017 and Log4j 2021 following up. The year was characterized by an unending beat-down on infrastructure that reli...

[SECURITY] Fedora 42 Update: phpunit11-11.5.50-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 11 of PHPUnit, available using the phpunit11 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 43 Update: phpunit12-12.5.8-1.fc43

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 12 of PHPUnit, available using the phpunit12 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 43 Update: phpunit11-11.5.50-1.fc43

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 11 of PHPUnit, available using the phpunit11 command. Documentation: https://phpunit.de/documentation.html...

CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

UBUNTU-CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

Exploit for Code Injection in Phpunit_Project Phpunit

PoC exploit for CVE-2017-9841, a remote code execution vulnerabi...

PHP Unit 4.8.28 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...

PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Date: 2022/01/30 Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...

PHP Unit 4.8.28 Remote Code Execution

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Date: 2022/01/30 Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...