Intrusion PreventionPHPUnit.Eval-stdin.PHP.Remote.Code.Execution
Description
This indicates an attack attempt against a Remote Code Execution vulnerability in PHPUnit.
The vulnerability, which is located in Util/PHP/eval-stdin.php, can be exploited via a HTTP POST request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
Outbreak Alert
FortiGuard Labs continue to observe widespread activity of Androxgh0st Malware in the wild exploiting multiple vulnerabilities, specifically targeting- the PHPUnit (CVE-2017-9841), Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information gathering attacks on the target networks
Affected Products
PHPUnit before 4.8.28 and 5.x before 5.6.3
Impact
System Compromise: Remote attacker can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://phpunit.de/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-04-09 | 15.814 | Sig Added |
| ID | 45765 |
| Created | Apr 18, 2018 |
| Updated | Nov 03, 2021 |
| Outbreak Alert | Androxgh0st Malware |
| Risk |
|
| CVE ID | CVE-2017-9841 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.48% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | PHP_app |