Description

This script is vulnerable to ASP code injection.

ASP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() statement, which results in code execution.

Remediation

Your script should properly sanitize user input.

References

Direct Dynamic Code Evaluation ('Eval Injection')

Related Vulnerabilities

Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5)

OpenX 2.8.10 backdoor

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)

Apache Struts Remote Code Execution (S2-057)

WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)

Severity

Critical

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution