CNNVD-202601-4448 Information
CNNVD ID
CNNVD-202601-4448
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
PHPUnit是Sebastian Bergmann个人开发者的一个PHP单元测试框架。 PHPUnit 12.5.8之前版本、11.5.50之前版本、10.5.62之前版本、9.6.33之前版本和8.5.52之前版本存在代码问题漏洞,该漏洞源于PHPT测试执行中代码覆盖率数据的不安全反序列化,可能导致远程代码执行。
Description (English)
PHPUnit is a PHP module test framework for Sebastian Bergmann ’ s personal developer. Pre-PHPUnit 12.5.8, pre-11.5.50, pre- 10.5.62, pre-9.6.33 and pre-8.552 have code problem gaps, which stem from the unsafe inverse sequence of data on code coverage under PHPT testing and may lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/sebastianbergmann/phpunit/commit/3141742e00620e2968d3d2e732d320de76685fda https://github.com/sebastianbergmann/phpunit/releases/tag/10.5.63 https://github.com/sebastianbergmann/phpunit/releases/tag/11.5.50 https://github.com/sebastianbergmann/phpunit/releases/tag/12.5.8 https://github.com/sebastianbergmann/phpunit/releases/tag/8.5.52 https://github.com/sebastianbergmann/phpunit/releases/tag/9.6.33 https://github.com/sebastianbergmann/phpunit/security/advisories/GHSA-vvj3-c3rp-c85p