This indicates an attack attempt against a Remote Code Execution vulnerability in PHPUnit.
The vulnerability, which is located in Util/PHP/eval-stdin.php, can be exploited via a HTTP POST request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
FortiGuard Labs continue to observe widespread activity of Androxgh0st Malware in the wild exploiting multiple vulnerabilities, specifically targeting- the PHPUnit (CVE-2017-9841), Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information gathering attacks on the target networks
PHPUnit before 4.8.28 and 5.x before 5.6.3
System Compromise: Remote attacker can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.
|IPS (Regular DB)
|IPS (Extended DB)