PHP eval() used on user input

Description

Manual confirmation is required for this alert.

This script is using the PHP function eval() on user input. If the user input is not properly validated, a remote user can supply a specially crafted input to pass arbitrary code to an eval() statement, which can results in code execution.

Remediation

Review the source code of this script and make sure user input is properly validated.

References