Description

This script is vulnerable to PHP code injection.

PHP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call. Eval will execute the argument as code.

Remediation

Your script should properly sanitize user input.

References

Dynamic Evaluation Vulnerabilities in PHP applications

OWASP PHP Top 5

Related Vulnerabilities

WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)

WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)

Apache Log4j2 JNDI Remote Code Execution (404 page handler)

Joomla! JomSocial remote code execution

ColdFusion Access Control bypass with WDDX Deserialization RCE (CVE-2023-29298/CVE-2023-29300)

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution