Forum Discussion
Drupal Sites Exploited Using Vulnerability in PHPUnit (CVE-2017-9841)
The Drupal Security team published a public service announcement (PSA) on September 4 cautioning Drupal users of active exploitation attempts against Drupal sites using a vulnerability patched nearly three years ago.
CVE-2017-9841 is a code injection vulnerability in PHPUnit, a PHP testing framework used by the Mailchimp API in both the Mailchimp and Mailchimp E-Commerce Drupal modules. Even Drupal sites that previously installed these modules may still be vulnerable to attacks due to the presence of a leftover artifact.
Details about the exploitation of this vulnerability were revealed by a group called Vulnbusters in June 2017 via an advisory on their now-defunct website.
For more information about this vulnerability, including information about the patched versions, please visit our blog.
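A check for the leftover artifact described above, as an added example that is not part of the original post or of any Drupal or Mailchimp tooling. Assumptions not stated in the post: the artifact is PHPUnit's `eval-stdin.php`, and unpatched copies of that file read from `php://input`; the function name and status labels are hypothetical.

```python
import os
import sys

# Assumption (not named in the post): the file tied to CVE-2017-9841.
ARTIFACT = "eval-stdin.php"
# Assumption: unpatched copies read the request body via this stream.
UNPATCHED_MARKER = "php://input"


def find_phpunit_artifacts(root):
    """Walk `root` and return sorted (path, status) pairs for every
    eval-stdin.php that sits below a directory named 'phpunit'.

    status is 'vulnerable' (unpatched marker found), 'present'
    (file exists without the marker) or 'unreadable'.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ARTIFACT not in files:
            continue
        # Only report copies shipped inside a PHPUnit tree.
        parts = [p.lower() for p in dirpath.split(os.sep)]
        if "phpunit" not in parts:
            continue
        path = os.path.join(dirpath, ARTIFACT)
        try:
            with open(path, "r", errors="replace") as fh:
                body = fh.read()
        except OSError:
            findings.append((path, "unreadable"))
            continue
        status = "vulnerable" if UNPATCHED_MARKER in body else "present"
        findings.append((path, status))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python find_phpunit_artifacts.py /path/to/drupal/webroot
    webroot = sys.argv[1] if len(sys.argv) > 1 else "."
    results = find_phpunit_artifacts(webroot)
    for path, status in results:
        print(f"{status:<11}{path}")
    # Non-zero exit lets a cron job or CI step alert on any finding.
    sys.exit(1 if results else 0)
```

Any hit, including `present`, means a test framework is deployed under the web root; removing the PHPUnit directory or denying web access to it closes the exposure regardless of version.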
2 Replies
- Anonymous
Thanks for sharing info
- Anonymous
Thanks, really informative