CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Phpunit Project: >> Phpunit Security Vulnerabilities

CVE-2017-9841

Known exploited

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

CVSS Score

9.8

EPSS Score

0.944

Published

2017-06-27

CVE-2013-4744

Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.004

Published

2013-07-01

Page 1

Vulnerabilities

Vulnerable Software

Phpunit Project: >> Phpunit Security Vulnerabilities

Products

Pricing

Contact Us