From there, the attacker escalates quickly:
The vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php exploit is a textbook case of a development artifact becoming a production nightmare. A single eval() on unsanitized input, exposed to the web, leads to complete server takeover. vendor phpunit phpunit src util php eval-stdin.php exploit