This script is possibly vulnerable to code execution attacks.
Code injection vulnerabilities occur where the output or content served from a Web application can be manipulated in such a way that it triggers server-side code execution. In some poorly written Web applications that allow users to modify server-side files (such as by posting to a message board or guestbook) it is sometimes possible to inject code in the scripting language of the application itself.
- Your script should filter metacharacters from user input.
- WordPress Plugin Robo Gallery-Photo Gallery and Images Gallery Remote Code Execution (2.0.14)
- WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)
- ColdFusion AMF Deserialization RCE
- TinyMCE ajax_create_folder remote code execution vulnerability
- Drupal Remote Code Execution (SA-CORE-2018-004)