Scaner-VS
CVE-2017-9841
Source: DEB
Severity: Critical · KEV · Confirmed · Exploit available


CVSS: 9.8 (Critical)
EPSS: 1.00 (p100)
Published: 2017-01-01
Updated: 2022-02-15
Description

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
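The description names two facts a practitioner can act on: the affected version ranges (before 4.8.28, and 5.x before 5.6.3) and the URI of the file that must never be reachable over HTTP. The script below, an added example that is not part of this Scaner-VS record or of the PHPUnit project, turns both into checks: it applies the version ranges to a composer.lock (including the packages-dev section, since PHPUnit is normally a dev dependency that only becomes a web-facing file when /vendor is deployed), and it flags access-log requests to the eval-stdin.php path. The composer.lock fragment and the log lines are constructed for the example; the IP addresses and timestamps in them are not real data.

```python
"""
Added example (not from the Scaner-VS record or the PHPUnit project):
two checks for CVE-2017-9841.

  1. is_vulnerable_version(): applies the affected ranges from the CVE text
     ("before 4.8.28 and 5.x before 5.6.3") to a version string.
  2. vulnerable_phpunit_in_lock(): runs that check over a composer.lock.
  3. find_eval_stdin_hits(): flags access-log requests to the eval-stdin.php
     path, which should never be reachable over HTTP.

SAMPLE_LOCK and SAMPLE_LOG below are constructed test data.
"""
import json
import re
from urllib.parse import unquote

# Path named in the CVE description; matched as a suffix-insensitive substring
# so that an application mounted under a sub-path (/app/vendor/...) is caught.
EVAL_STDIN_PATH = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"

# Common/combined log format: ip ident user [time] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(v: str) -> tuple:
    """Turn '5.6.2' (or 'v5.6.2') into a comparable tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", v.lstrip("v"))
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_vulnerable_version(version: str) -> bool:
    """True when the version lies in the ranges named by CVE-2017-9841."""
    v = parse_version(version)
    if v[0] < 4:
        return True                 # "before 4.8.28" also covers 3.x and older
    if v[0] == 4:
        return v < (4, 8, 28)       # fixed in 4.8.28
    if v[0] == 5:
        return v < (5, 6, 3)        # fixed in 5.6.3
    return False                    # 6.x and later are outside the stated ranges


def vulnerable_phpunit_in_lock(lock_json: str) -> list:
    """Return every vulnerable phpunit/phpunit version found in a composer.lock.

    Both 'packages' and 'packages-dev' are scanned: PHPUnit is normally a
    dev dependency, and the exposure comes from deploying /vendor with it.
    """
    lock = json.loads(lock_json)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == "phpunit/phpunit" and is_vulnerable_version(pkg["version"]):
                hits.append(pkg["version"])
    return hits


def find_eval_stdin_hits(log_text: str) -> list:
    """Return (ip, method, path, status) for each request touching eval-stdin.php.

    The path is URL-decoded and lower-cased first so that percent-encoded or
    mixed-case variants of the URI are still detected. A 404 still matters:
    it shows someone probing for an exposed /vendor folder.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = unquote(m["path"])
        if EVAL_STDIN_PATH.lower() in path.lower():
            hits.append((m["ip"], m["method"], path, int(m["status"])))
    return hits


# Constructed sample data (not real project or traffic data).
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "monolog/monolog", "version": "1.23.0"}],
    "packages-dev": [{"name": "phpunit/phpunit", "version": "5.6.2"}],
})

SAMPLE_LOG = """\
203.0.113.7 - - [15/Feb/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.7 - - [15/Feb/2022:10:01:05 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 38
198.51.100.9 - - [15/Feb/2022:10:02:11 +0000] "POST /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162
"""

if __name__ == "__main__":
    print("vulnerable phpunit in lock:", vulnerable_phpunit_in_lock(SAMPLE_LOCK))
    for hit in find_eval_stdin_hits(SAMPLE_LOG):
        print("eval-stdin.php request:", hit)
```

A 200 response to a POST on that path is the strongest signal here: it means the file was served by the PHP interpreter rather than blocked, and the response body would be the output of whatever code was posted. A 404 is still worth alerting on as reconnaissance. The version check alone is not sufficient either way: a fixed PHPUnit that is still deployed under a web root remains an unnecessary attack surface, so the usual hardening is to keep /vendor out of the document root or deny it in the web server, and to install with --no-dev in production.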

Tags: KEV · Pre-auth
CWE: CWE-94
CAPEC: CAPEC-35, CAPEC-77, CAPEC-242
Affected products: Phpunit
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2017-01-01
Published
2022-02-15
Added to KEV
2022-02-15
Updated
CVSS 3.1 breakdown
Attack Vector (AV:N): Network
Attack Complexity (AC:L): Low
Privileges Required (PR:N): None
User Interaction (UI:N): None
Scope (S:U): Unchanged
Confidentiality Impact (C:H): High
Integrity Impact (I:H): High
Availability Impact (A:H): High
Exploit indicators
EPSS: 1.000 (p100)
Known exploited (KEV): Yes
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-35 · CWE-94
Known exploits (Scaner-VS)
- 50702 · exploitdb · https://www.exploit-db.com/exploits/50702 · Enterprise
- CVE-2017-9841 · github-poc · https://github.com/krisdewa/CVE-2017-9841-PHPUnit-Remote-Code-Execution-PoC · Enterprise
Affected software
Product | Vendor | Status
phpunit | - | Exploited
Source databases: DEB, CVE, UBU
Related vulnerabilities