Skip to content

Latest commit

 

History

History
17 lines (11 loc) · 318 Bytes

TaintedEval.md

File metadata and controls

17 lines (11 loc) · 318 Bytes

TaintedEval

Emitted when user-controlled input can be passed into an eval call.

Passing untrusted user input to eval calls is dangerous, as it allows arbitrary data to be executed on your server.

<?php

$name = $_GET["name"];

evalCode($name);

function evalCode(string $name) {
    eval($name);
}