The script reads php://stdin , which in a web context reads the HTTP request body, then executes the code.

Do not exploit it. Report it responsibly.

) to run commands directly on your server. This can lead to: vulhub/phpunit/CVE-2017-9841/README.md at master - GitHub

: Never commit your vendor folder to version control.