The keyword refers to one of the most persistent and scanned-for security flaws in the PHP ecosystem: CVE-2017-9841.

The flaw exists because the Util/PHP/eval-stdin.php file (often found at /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php) processes raw POST data using eval() without proper sanitization. The relevant line is:

    eval('?>' . file_get_contents('php://stdin'));

When the vendor directory is served by the web server, the script is reachable directly at a URL such as:

    https://victim.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

A vulnerable PHPUnit instance will execute whatever it receives as malicious input. If you are researching this CVE for a penetration test or audit, you can safely test for its presence by sending a harmless PHP payload like <?php echo 'test'; ?> and checking whether the output of that echo statement comes back in the response. However, always ensure you have proper authorization before testing.
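From the defender's side, the most useful thing to know is whether anyone has been probing for this path and whether the script actually answered. The following is an added example, not code from the original article or from the PHPUnit project: it parses web server access logs in the common "combined" format, normalises the request path (percent-decoding, duplicate slashes, query string, case) so simple variations still match, and reports every request for eval-stdin.php together with the sources involved and whether any POST was served with HTTP 200, which means the file exists and is reachable. The log lines embedded below are constructed for the demonstration; the log format, field positions and the summary structure are assumptions of this example.

```python
"""Detect requests for PHPUnit's eval-stdin.php (CVE-2017-9841) in access logs.

Added example, not part of the original article or of PHPUnit itself.
Assumes the Apache/Nginx "combined" log format; the sample lines are constructed.
"""
import re
from urllib.parse import unquote

# Path of the vulnerable script relative to a Composer-managed web root (lower-cased
# because paths are compared case-insensitively below).
EVAL_STDIN = "vendor/phpunit/phpunit/src/util/php/eval-stdin.php"

# Combined log format: ip ident user [timestamp] "METHOD target PROTOCOL" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (not real traffic). Line 3 models a host that served the
# script: a POST answered with 200 and a 4-byte body, consistent with a probe.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512',
    '198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162',
    '198.51.100.23 - - [10/Oct/2023:13:55:41 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 4',
    '192.0.2.9 - - [10/Oct/2023:13:56:02 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 0',
    '192.0.2.9 - - [10/Oct/2023:13:56:05 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval%2Dstdin.php?x=1 HTTP/1.1" 403 0',
]


def normalize_path(target: str) -> str:
    """Drop the query string, percent-decode (twice, to undo double encoding),
    collapse repeated slashes and lower-case, so trivial variations still match."""
    path = target.split("?", 1)[0]
    path = unquote(unquote(path))
    path = re.sub(r"/+", "/", path)
    return path.lower()


def parse_line(line: str):
    """Return the log fields as a dict (plus a normalised 'path'), or None if the
    line does not match the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = normalize_path(entry["target"])
    return entry


def is_eval_stdin_request(entry: dict) -> bool:
    """Any request for this script is suspicious on a production host: GET is the
    usual scanner fingerprint, POST is the vector the article describes."""
    return entry["path"].endswith(EVAL_STDIN)


def scan_access_log(lines):
    """Return (ip, method, path, status) for every request aimed at eval-stdin.php."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_eval_stdin_request(entry):
            hits.append((entry["ip"], entry["method"], entry["path"], int(entry["status"])))
    return hits


def summarize(hits):
    """Aggregate hits: how many probes, from which sources, and whether a POST was
    ever answered with 200 (i.e. the script is present and being served)."""
    return {
        "probes": len(hits),
        "sources": sorted({ip for ip, _, _, _ in hits}),
        "served": any(method == "POST" and status == 200 for _, method, _, status in hits),
    }


if __name__ == "__main__":
    print(summarize(scan_access_log(SAMPLE_LOG)))
```

A "served" result means the host needs fixing, not just monitoring: development dependencies such as PHPUnit should not be installed on production (`composer install --no-dev`), the `/vendor` directory should not be reachable through the web server at all, and the PHPUnit package should be updated to a release in which this script no longer executes web input.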