Vulnerabilities and security researches forjekyll-exporter jekyll-exporter

Jun 06, 2024

CVE, Research URL: CVE-2017-9841
Home page URL: Security reports for Jekyll Exporter
Application: Jekyll Exporter
Date: Jun 27, 2017
Research Description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Affected versions: max 2.2.1.
Status: vulnerable