CVE-2017-9841CISA KEV: Actively Exploited

PHPUnit Command Injection Vulnerability

Published Feb 15, 2022·Updated Feb 15, 2022

Description

PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Public Exploits & PoCs20 found

PoC: phpunit-brute

Tool to try multiple paths for PHPunit RCE CVE-2017-9841

24

PoC: laravel-phpunit-rce-masscaner

Masscanner for Laravel phpunit RCE CVE-2017-9841

15

PoC: CVE-2017-9841

A Tool for scanning CVE-2017-9841 with multithread

3

PoC: PHPUnit_eval-stdin_RCE

(CVE-2017-9841) PHPUnit_eval-stdin_php Remote Code Execution

3

PoC: CVE-2017-9841-

CVE-2017-9841

1

PoC: CVE-2017-9841-PHPUnit-Remote-Code-Execution-RCE-PoC

CVE-2017-9841 is a Remote Code Execution (RCE) vulnerability in the PHPUnit library affecting versions prior to 5.6.3 and 6.x prior to 6.4.2.

PoC: CVE-2017-9841

Laravel-RCE: CVE-2017-9841

PoC: PHPUnit-GoScan

🛡️ Scan for vulnerable PHPUnit endpoints quickly with this fast, multithreaded tool, ensuring your applications stay secure against CVE-2017-9841.

PoC: CVE-2017-9841

PHP Unit 4.8.28 - Remote Code Execution (exploiter)

PoC: PHPUnit-GoScan

PHPUnit CVE-2017-9841 Scanner in Go clean and fire.

PoC: CVE-2017-9841-EXPLOIT

A PoC exploit for CVE-2017-9841 - PHPUnit Remote Code Execution(RCE)

PoC: Argus

"Argus" is a security tool designed to scan a list of websites for a known vulnerability in the PHPUnit framework, specifically the CVE-2017-9841 vulnerability. The tool attempts to exploit this vulnerability to verify its existence.

PoC: CVE-2017-9841

PHPUnit RCE

PoC: PHPunit-Exploit

PHPunit Checker CVE-2017-9841 By MrMad

PoC: eval-stdin

Automated Exploit for CVE-2017-9841 (eval-stdin.php vulnerable file)

PoC: cve-2017-9841

RCE from phpunit 5.6.2

PoC: CVE-2017-9841

CVE-2017-9841批量扫描及利用脚本。PHPUnit是其中的一个基于PHP的测试框架。 PHPUnit 4.8.28之前的版本和5.6.3之前的5.x版本中的Util/PHP/eval-stdin.php文件存在安全漏洞。远程攻击者可通过发送以‘<?php’字符串开头的HTTP POST数据利用该漏洞执行任意PHP代码。

PoC: CVE-2017-9841

phpunit-shell | CVE_2017-9841

PoC: CVE-2017-9841

RCE exploit for PHP Unit 5.6.2

PoC: CVE-2017-9841

CVE-2017-9841 detector script

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free