Vulnerable
A proof-of-concept exploit has been publicly disclosed, demonstrating how an attacker can execute arbitrary code on a vulnerable system. The exploit involves providing malicious input to the eval-stdin.php script, which is then executed by the vulnerable PHPUnit instance. vendor phpunit phpunit src util php eval-stdin.php cve
The PHPUnit vendor has released a patch for the vulnerability, which is included in PHPUnit version 9.5.0. The vendor has also provided guidance on mitigating the vulnerability. The vendor has also provided guidance on mitigating
The patch for CVE-2022-0847 involves updating the eval-stdin.php script to properly sanitize user input. The patched version of the script can be found in PHPUnit version 9.5.0. identified as CVE-2022-0847
The vulnerability, identified as CVE-2022-0847, affects PHPUnit versions prior to 9.5.0. It resides in the util.php file within the src directory of PHPUnit, specifically in the eval-stdin.php script. This script is used to evaluate PHP code from standard input.