Vendor Phpunit Phpunit Src Util Php Eval-stdin.php Cve Jun 2026

Night had a way of pulling secrets out of code.

The critical oversight: No authentication, no IP whitelisting, no php_sapi_name() check to ensure it runs via CLI. When exposed to a web server, it transforms into an unrestricted RCE gadget. vendor phpunit phpunit src util php eval-stdin.php cve