| Título | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Code Injection |
|---|
| Descrição | The affected component is `application/pages/imba_calculator/calculate.php`, an unauthenticated calculator endpoint. The endpoint decodes attacker-controlled JSON from `$_POST["mathematical_sentence"]` and evaluates each `value` member as PHP code:
```php
$mathematical_sentence = $_POST["mathematical_sentence"];
$decoded_data = json_decode($mathematical_sentence, true);
foreach($decoded_data as $data) {
echo eval($data["value"]);
}
```
An attacker can send arbitrary PHP statements such as `return file_get_contents("/etc/hostname");` and have them executed by the web server process. In deployments where command execution functions are enabled, this can lead to full remote command execution; even with command functions disabled, the bug allows arbitrary PHP code execution, local file reads, and application compromise. |
|---|
| Fonte | ⚠️ https://github.com/mjperpinosa/stumasy/issues/5 |
|---|
| Utilizador | gscsd (UID 97914) |
|---|
| Submissão | 05/06/2026 14h44 (há 29 dias) |
|---|
| Moderação | 04/07/2026 17h41 (29 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 376338 [mjperpinosa stumasy até 327d1b0f2915ba79d7ef8ebb74553e987609d9be calculate.php eval mathematical_sentence Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|