195 matches found
PHPUnit RCE Vulnerability
PHPUnit is a PHP-based testing framework. A security vulnerability exists in the Util/PHP/eval-stdin.php file in PHPUnit versions prior to 4.8.28 and 5.x versions prior to 5.6.3. A remote attacker can exploit this vulnerability by sending HTTP POST data beginning with the string '?php' t...
Remote Code Execution (RCE)
PHPUnit is vulnerable to remote code execution (RCE) attacks. A malicious user can inject and execute arbitrary PHP script by using the ?php tag and sending a POST request to the eval-stdin.php file on the system...
UBUNTU-CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
Code injection
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
DEBIAN-CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
CVE-2017-9841
CVE-2017-9841 (PHPUnit) affects the Util/PHP/eval-stdin.php component of PHPUnit. The vulnerability allows remote code execution when an HTTP POST request starts with the string "<?php" (or with a leading '
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a “?php ” substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
PT-2017-4155
Name of the Vulnerable Software and Affected Versions: PHPUnit versions 4.8.19 through 4.8.27; PHPUnit versions 5.x before 5.6.3. Description: The issue is related to the Util/PHP/eval-stdin.php component in PHPUnit, which allows remote attackers to execute arbitrary PHP code via HTTP POST data...
Drupal 8.x < 8.2.7 Multiple Vulnerabilities (SA-2017-001)
The version of Drupal running on the remote web server is 8.x prior to 8.2.7. It is, therefore, affected by multiple vulnerabilities: - A security bypass vulnerability exists in the editor module due to a failure to properly check access restrictions when adding private files with a configur...
UBUNTU-CVE-2017-6381
A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normally installed. You might be vulnerabl...
CVE-2017-6381
A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normally installed. You might be vulnerabl...
CVE-2017-6381
A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normally installed. You might be vulnerabl...
CVE-2017-6381
CVE-2017-6381 corresponds to a Drupal RCE via the PHPUnit component bundled with Drupal 8 development dependencies. Affected if running Drupal versions before 8.2.2; mitigation in the public description notes that .htaccess generally blocks PHP execution and that Composer development dependencies...
RCE vulnerability in phpunit
More info at https://nvd.nist.gov/vuln/detail/CVE-2017-9841...