If you find eval-stdin.php exposed on your production server, take immediate action:
When you see "Index of" in a search query, it means a web server has "directory listing" enabled. Instead of showing a webpage, the server shows a list of every file in that folder. index of vendor phpunit phpunit src util php evalstdinphp
: PHPUnit versions before 4.8.28 and 5.x before 5.6.3 . If you find eval-stdin
The server evaluates system('id') and returns the output (e.g., uid=33(www-data) gid=33(www-data) ). The server evaluates system('id') and returns the output (e
If you see this in your logs, you are under attack. If you see this in your search console, your server is compromised. The combination of a mutable eval statement, a test file in production, and directory indexing creates a perfect storm for system takeover.
Last updated: October 2023. The vulnerability (CVE-2017-9841) remains actively scanned for, even years after the patch.