Description

Manual confirmation is required for this alert.

This script is using the PHP function eval() on user input. If the user input is not properly validated, a remote user can supply a specially crafted input to pass arbitrary code to an eval() statement, which can result in code execution.

Remediation

Review the source code of this script and make sure user input is properly validated.

References

Direct Dynamic Code Evaluation

Related Vulnerabilities

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445)

Drupal Core 7.x Remote Code Execution (7.0 - 7.57)

Apache 2.2.14 mod_isapi Dangling Pointer

Citrix ADC/Gateway Unauthenticated Remote Code Execution

Severity

Medium

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution