Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

vulnerability

FreeBSD: VID-298829e2-ccce-11e7-92e4-000c29649f92 (CVE-2017-9841): mediawiki -- multiple vulnerabilities

Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 19, 2017
Added
Nov 19, 2017
Modified
Jun 15, 2026

Description

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "less than?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

Solutions

freebsd-upgrade-package-mediawiki127freebsd-upgrade-package-mediawiki128freebsd-upgrade-package-mediawiki129
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.