Vulnerabilities (CVE)

Filtered by vendor Phpunit Project Subscribe

Filtered by product Phpunit

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-9841	2 Oracle, Phpunit Project	2 Communications Diameter Signaling Router, Phpunit	2024-02-04	7.5 HIGH	9.8 CRITICAL
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
CVE-2013-4744	1 Phpunit Project	1 Phpunit	2024-02-04	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.