cleantalk
Vulnerabilities and Security Researches

Jekyll Exporter, CVE-2017-9841

CVE, Research URL

CVE-2017-9841

Home page URL

Security reports for Jekyll Exporter

Application

Jekyll Exporter

Published on
Jun 27, 2017
Research Description
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Affected versions
max 2.2.1.
Status
vulnerable
Previous vulnerability researches
Video Analytics for Cloudflare Stream (4c17aaeb137b1b4d1db7fb193bb5506f568466d9) , Jun 07, 2024
CloudFlare(R) Cache Purge (CVE-2025-22332) , Feb 03, 2025
Simple Cloudflare Turnstile &#8211; CAPTCHA Alternative (CVE-2023-5135) , Jun 06, 2024
Super Page Cache for Cloudflare (CVE-2024-27968) , Jun 07, 2024
Cloudflare , Mar 27, 2026
New vulnerability
File Manager Pro &#8211; Filester , Mar 30, 2026
Simple Author Box , Mar 30, 2026
Customizable WordPress Gallery Plugin &#8211; Modula Image Gallery , Mar 30, 2026
Speed Optimizer &#8211; The All-In-One WordPress Performance-Boosting Plugin , Mar 30, 2026
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026