
Updated CVE-2017-9841 with new eval-stdin.php paths#13991

Merged
Akokonunes merged 1 commit into projectdiscovery:main from us3r777:template_CVE-2017-9841
Nov 24, 2025

Conversation

@us3r777
Contributor

@us3r777 us3r777 commented Nov 19, 2025

PR Information

Updated CVE-2017-9841 with new paths observed on the web.

Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

$ nuclei -t CVE-2017-9841.yaml -u http://172.17.0.3/ -vv

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

		projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.3.1 (latest)
[INF] New templates added in latest release: 119
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[CVE-2017-9841] PHPUnit - Remote Code Execution (@random_robbie,@pikpikcu) [critical]
[CVE-2017-9841] [http] [critical] http://172.17.0.3/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/vendor/phpunit/src/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/vendor/phpunit/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/phpunit/phpunit/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/phpunit/src/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/phpunit/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/lib/phpunit/phpunit/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/lib/phpunit/src/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/lib/phpunit/Util/PHP/eval-stdin.php
[CVE-2017-9841] [http] [critical] http://172.17.0.3/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

The env to reproduce the vulnerability was created using the following Dockerfile:

# PHP 7.3 with Apache; the web root is /var/www/html
FROM php:7.3.29-apache-bullseye

# Marker file supplied in the build context by the author
ADD flagA /etc/

# Install Composer and pull a PHPUnit release affected by CVE-2017-9841
# directly into the web root, so vendor/.../Util/PHP/eval-stdin.php is served by Apache
RUN apt-get update; \
    apt-get install -y --no-install-recommends unzip zip git; \
    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"; \
    php composer-setup.php; \
    mv composer.phar /usr/local/bin/composer; \
    chmod +x /usr/local/bin/composer; \
    cd /var/www/html; \
    composer require phpunit/phpunit:5.6.2; \
    apt-get purge --auto-remove -y unzip; \
    rm -rf /var/lib/apt/lists/*

EXPOSE 80

Additional References:
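As an added defensive example (not part of this PR or of the nuclei template), the following Python check flags web-server access-log requests for the eval-stdin.php path variants listed in the scan output above. It matches on the `Util/PHP/eval-stdin.php` suffix they all share, so it also covers install prefixes the template does not enumerate; the log lines and IP addresses are constructed.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" access-log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Every path the updated template probes ends with this suffix (see the nuclei output
# above); matching on the suffix also covers install prefixes the template does not list.
EVAL_STDIN_SUFFIX = "/util/php/eval-stdin.php"

def normalize_path(target: str) -> str:
    """Drop the query string, decode percent-encoding, collapse '//' and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def classify(line: str):
    """Return (ip, method, path, status, verdict), or None if the line is irrelevant."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize_path(m["target"])
    if not path.endswith(EVAL_STDIN_SUFFIX):
        return None
    status = int(m["status"])
    if status == 200 and m["method"] == "POST":
        verdict = "exposed-and-exercised"  # script served a request body: treat as an incident
    elif status == 200:
        verdict = "exposed"                # script is reachable and was executed by PHP
    else:
        verdict = "probe"                  # scanner probe; path not present on this host
    return m["ip"], m["method"], path, status, verdict

def scan(lines):
    """Run classify() over an iterable of log lines and keep the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Nov/2025:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Nov/2025:10:01:03 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Nov/2025:10:01:04 +0000] "POST /lib/phpunit/Util/PHP/eval%2Dstdin.php?x=1 HTTP/1.1" 200 13 "-" "curl/8.5.0"
198.51.100.4 - - [19/Nov/2025:10:02:00 +0000] "GET //phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "-"
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(*hit)
```

A 200 on any of these paths means PHPUnit's test helper is being served from the web root; the fix is to remove the vendor tree from the document root (or update PHPUnit), not to block the path at the edge.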

@Akokonunes Akokonunes merged commit 4b1a284 into projectdiscovery:main Nov 24, 2025
4 checks passed