Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description#
Using assert() with variables that may contain user input is dangerous because assert() will evaluate the input as PHP code. This can allow attackers to execute arbitrary code on your server if they can control the input passed to assert().
Impact#
If exploited, an attacker could run malicious PHP code, leading to full system compromise, data theft, or service disruption. This vulnerability could allow unauthorized access, modification, or destruction of sensitive data and resources within your application.