This script is vulnerable to PHP code injection.
PHP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call. Eval will execute the argument as code.
- Your script should properly sanitize user input.
- WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)
- PHP eval() used on user input
- MovableType remote code execution
- WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (22.214.171.124)
- WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)