VYPR

Phpunit

by Phpunit Project

Source repositories

CVEs (3)

  • CVE-2017-9841CriKEVJun 27, 2017
    risk 0.80cvss 9.8epss 1.00

    Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the…

  • CVE-2026-41570HigMay 8, 2026
    risk 0.44cvss 7.8epss 0.00

    PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser…

  • CVE-2013-4744Jul 1, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.