: The script uses eval() on raw data from php://input . An attacker can send a HTTP POST request with malicious PHP code starting with
If you are running PHPUnit in a production environment, PHPUnit is a development tool and has no place on a live production server. index of vendor phpunit phpunit src util php evalstdinphp
: Bots are scanning your site to see if the /vendor/ folder is publicly accessible and if you are running an outdated, vulnerable version of PHPUnit. : The script uses eval() on raw data from php://input