/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php refers to a critical Remote Code Execution (RCE) vulnerability (tracked as CVE-2017-9841
/var/www/html/vendor/var/www/vendor (while public is at /var/www/html/public)Remove the file immediately:
Disable directory indexing (Apache: Options -Indexes, Nginx: autoindex off;).
This file is the central component of CVE-2017-9841, a critical Remote Code Execution (RCE) vulnerability affecting PHPUnit versions prior to 5.6.3.
Example Attack Request:
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php refers to a critical Remote Code Execution (RCE) vulnerability (tracked as CVE-2017-9841
/var/www/html/vendor/var/www/vendor (while public is at /var/www/html/public)Remove the file immediately:
Disable directory indexing (Apache: Options -Indexes, Nginx: autoindex off;).
This file is the central component of CVE-2017-9841, a critical Remote Code Execution (RCE) vulnerability affecting PHPUnit versions prior to 5.6.3.
Example Attack Request: