CVE-2017-9841
Scores
EPSS Score
0.9441
CVSS
3.x 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
All CVSS Scores
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Description
Util/PHP/eval-stdin.php в PHPUnit до 4.8.28 и 5.x до 5.6.3 позволяет удалённым злоумышленникам выполнять произвольный PHP код через HTTP POST данные, начинающиеся с подстроки "<?php ", что демонстрируется атакой на сайт с открытой папкой /vendor, т.е. внешний доступ к /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Sources
CWEs
Related Vulnerabilities
Exploits
Exploit ID: CVE-2017-9841
Source: cisa
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Reference Links
Vulnerable Software
Type: Configuration
Product: phpunit
Operating System: ubuntu kinetic 22.10
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: debian wheezy 7
{
"unaffected": true
}Source: debian
Type: Configuration
Product: phpunit
Operating System: debian jessie 8
{
"unaffected": true
}Source: debian
Type: Configuration
Product: phpunit
Operating System: debian stretch 9
{
"fixed": "5.4.6-2~deb9u1"
}Source: debian
Type: Configuration
Product: phpunit
Operating System: debian
{
"fixed": "5.4.6-2"
}Source: debian
Type: Configuration
Product: phpunit
Operating System: ubuntu zesty 17.04
{
"unfixed": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu yakkety 16.10
{
"unfixed": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu xenial 16.04
{
"unfixed": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu trusty 14.04
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu lunar 23.04
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu artful 17.10
{
"unfixed": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu jammy 22.04
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu impish 21.10
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu hirsute 21.04
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu groovy 20.10
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu focal 20.04
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu eoan 19.10
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu disco 19.04
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu cosmic 18.10
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Product: phpunit
Operating System: ubuntu bionic 18.04
{
"unaffected": true
}Source: ubuntu
Type: Configuration
Vendor: oracle
Product: communications_diameter_signaling_router
Operating System: * * *
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: phpunit_project
Product: phpunit
Operating System: * * *
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:phpunit_project:phpunit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.8.27",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:phpunit_project:phpunit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd