Cve - Vendor Phpunit Phpunit Src Util Php Eval-stdin.php

composer require phpunit/phpunit:">=5.6.3"

An attacker can send:

If successful, the server executes system('id') , returning the user ID running the web server process (e.g., www-data ), giving the attacker control over the server. vendor phpunit phpunit src util php eval-stdin.php cve