Vendor Phpunit Phpunit Src Util Php Eval-stdin.php Exploit Apr 2026

File: phpunit/src/Util/PHP/eval-stdin.php

#!/usr/bin/env php <?php eval('?>'.file_get_contents('php://input')); This script would read from php://input (raw POST data) and execute it as PHP code - no authentication, no restrictions. Attackers could send a POST request containing PHP code to eval-stdin.php : vendor phpunit phpunit src util php eval-stdin.php exploit