This indicates an attack attempt against a Remote Code Execution vulnerability in PHPUnit.
The vulnerability, which is located in Util/PHP/eval-stdin.php, can be exploited via a HTTP POST request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

description-logoOutbreak Alert

FortiGuard Labs continue to observe widespread activity of Androxgh0st Malware in the wild exploiting multiple vulnerabilities, specifically targeting- the PHPUnit (CVE-2017-9841), Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information gathering attacks on the target networks

View the full Outbreak Alert Report

affected-products-logoAffected Products

PHPUnit before 4.8.28 and 5.x before 5.6.3

Impact logoImpact

System Compromise: Remote attacker can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-04-09 15.814 Sig Added