Vulnerabilities > Phpunit Project > Phpunit > 3.2.21
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-27 | CVE-2017-9841 | Code Injection vulnerability in multiple products Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | 7.5 |
2013-07-01 | CVE-2013-4744 | Cross-Site Scripting vulnerability in PHPunit Project PHPunit Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |