Always validate and sanitize inputs to prevent arbitrary code execution vulnerabilities.
If this script is accidentally exposed to the web (e.g., placed in a publicly accessible vendor/ directory), an attacker can send arbitrary PHP code via POST data or request body. The script will execute that code with the privileges of the web server.
Critical (CVSS 9.8)
Affected versions: PHPUnit ≤ 4.8.28 and ≤ 5.6.3
Fixed in: PHPUnit 4.8.28, 5.6.3, and later
PHPUnit before 4.8.28 and 5.x before 5.6.3
Technical Analysis