PHPUnit is prone to an arbitrary code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.
PHPUnit versions prior to 4.8.28 and 5.x versions prior to 5.6.3 are vulnerable.
Information
Phpunit Project Phpunit 3.3.12
Phpunit Project Phpunit 3.3.11
Phpunit Project Phpunit 3.3.10
Phpunit Project Phpunit 3.3.5
Phpunit Project Phpunit 3.3.4
Phpunit Project Phpunit 3.3.7
Phpunit Project Phpunit 3.3.6
Phpunit Project Phpunit 3.3.3
Phpunit Project Phpunit 3.3.2
Phpunit Project Phpunit 3.3.1
Phpunit Project Phpunit 3.3.0
Moodle Moodle 3.3.1
Moodle Moodle 3.2.4
Moodle Moodle 3.1.7
Moodle Moodle 3.1.4
Moodle Moodle 3.1.3
Moodle Moodle 3.1.2
Moodle Moodle 3.1.1
Moodle Moodle 3.3
Moodle Moodle 3.2.3
Moodle Moodle 3.2.2
Moodle Moodle 3.2.1
Moodle Moodle 3.2
Moodle Moodle 3.1.6
Moodle Moodle 3.1.5
Moodle Moodle 3.1
Phpunit Project Phpunit 4.8.28
Moodle Moodle 3.3.2
Moodle Moodle 3.2.5
Moodle Moodle 3.1.8
Exploit
The researcher has created a functional exploit to demonstrate the issue. Please see the references for more information.
References:
- Correct fix for #1956 (phpunit)
- CVE-2017-9841 RCE vulnerability in phpunit (vulnbusters.com)
- Fix insulated tests with phpdbg #1956 (phpunit)
- PHPUnit Homepage (phpunit)
- MSA-17-0020: Admins may not know that exposing vendor directory is a security ri (Moodle)