Index Of Vendor Phpunit Phpunit Src Util Php Evalstdinphp Work -

EvalStdin.php is a utility script used internally by PHPUnit when running tests in (using @runInSeparateProcess annotation or processIsolation="true" ).

The file path vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php refers to a high-severity Remote Code Execution (RCE) vulnerability, tracked as CVE-2017-9841 Review: The PHPUnit RCE Vulnerability EvalStdin

echo '<?php echo 2+2; ?>' | php vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php # Output: 4 ?php echo 2+2

Remote Code Execution (RCE) via PHP Code Injection. Severity: Critical (CVSS score 9.8). EvalStdin