Description
This script is vulnerable to PHP code injection.
PHP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control
all or part of an input string that is fed into an eval() function call. Eval will execute the argument as code.
Remediation
Your script should properly sanitize user input.
References
Related Vulnerabilities
PHP 4.3.0 file disclosure and possible code execution
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)
WordPress Plugin File Manager Remote Code Execution (4.5)
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
WordPress Plugin PropertyHive Remote Code Execution (1.4.25)