Description

Manual confirmation is required for this alert.

This script is using the PHP function eval() on user input. If the user input is not properly validated, a remote user can supply a specially crafted input to pass arbitrary code to an eval() statement, which can result in code execution.

Remediation

Review the source code of this script and make sure user input is properly validated.

References

Direct Dynamic Code Evaluation

Related Vulnerabilities

PHP HTTP POST incorrect MIME header parsing vulnerability

Webmin v1.920 Unauhenticated Remote Command Execution

WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)

ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability

WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)

Severity

Medium

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution