Upgrade to at least version 4.8.28 or 5.6.3 . The patch replaced php://input with php://stdin , which cannot be accessed via web requests.
The patch for CVE-2022-0847 involves updating the eval-stdin.php script to properly sanitize user input. The patched version of the script can be found in PHPUnit version 9.5.0. vendor phpunit phpunit src util php eval-stdin.php cve
<?php system('id'); ?>