Submission #849414: mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Code Injection

Title: mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Code Injection

Description: The affected component is `application/pages/imba_calculator/calculate.php`, an unauthenticated calculator endpoint. The endpoint decodes attacker-controlled JSON from `$_POST["mathematical_sentence"]` and evaluates each `value` member as PHP code:

```php
$mathematical_sentence = $_POST["mathematical_sentence"];
$decoded_data = json_decode($mathematical_sentence, true);
foreach ($decoded_data as $data) {
    echo eval($data["value"]);
}
```

An attacker can send arbitrary PHP statements such as `return file_get_contents("/etc/hostname");` and have them executed by the web server process. In deployments where command execution functions (`system`, `exec`, `shell_exec`, ...) are enabled, this leads to full remote command execution; even where those functions are blocked via `disable_functions`, the bug still allows arbitrary PHP code execution, local file reads, and application compromise.
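The following is an added example, not code from the stumasy repository or from the submission. It places the reported `eval()` pattern next to a replacement that evaluates arithmetic with a small recursive-descent parser, so the endpoint can keep the same POST contract (a JSON array of objects with a string `value`) while never executing request data as PHP. The function names `vulnerable_calculate`, `safe_calculate` and the `SafeArithmetic` class are assumptions made for this illustration.

```php
<?php
// Added example (not stumasy code). Shows the unsafe pattern from the issue
// and a hardened evaluator that never hands request data to eval().

// Shape reported for calculate.php: each "value" is executed as PHP.
// Kept only for comparison; do not deploy this.
function vulnerable_calculate(string $json): string {
    $out = '';
    foreach (json_decode($json, true) as $data) {
        $out .= eval($data['value']); // attacker controls the code string
    }
    return $out;
}

// Recursive-descent evaluator for numbers, + - * / and parentheses.
// Anything outside that grammar is rejected before evaluation starts.
final class SafeArithmetic {
    private string $s = '';
    private int $i = 0;

    public static function evaluate(string $expr): float {
        $p = new self();
        $p->s = preg_replace('/\s+/', '', $expr) ?? '';
        // Whitelist check first: letters, quotes, semicolons, "$" never get in.
        if ($p->s === '' || !preg_match('/^[0-9.+\-*\/()]+$/', $p->s)) {
            throw new InvalidArgumentException('expression contains unsupported characters');
        }
        $v = $p->expr();
        if ($p->i !== strlen($p->s)) {
            throw new InvalidArgumentException('unexpected trailing input');
        }
        return $v;
    }

    private function peek(): string { return $this->s[$this->i] ?? ''; }

    // expr := term (('+' | '-') term)*
    private function expr(): float {
        $v = $this->term();
        while (($c = $this->peek()) === '+' || $c === '-') {
            $this->i++;
            $r = $this->term();
            $v = ($c === '+') ? $v + $r : $v - $r;
        }
        return $v;
    }

    // term := factor (('*' | '/') factor)*
    private function term(): float {
        $v = $this->factor();
        while (($c = $this->peek()) === '*' || $c === '/') {
            $this->i++;
            $r = $this->factor();
            if ($c === '/') {
                if ($r == 0.0) throw new DivisionByZeroError('division by zero');
                $v = $v / $r;
            } else {
                $v = $v * $r;
            }
        }
        return $v;
    }

    // factor := '-' factor | '(' expr ')' | number
    private function factor(): float {
        $c = $this->peek();
        if ($c === '-') { $this->i++; return -$this->factor(); }
        if ($c === '(') {
            $this->i++;
            $v = $this->expr();
            if ($this->peek() !== ')') throw new InvalidArgumentException('missing )');
            $this->i++;
            return $v;
        }
        // \G anchors the match at the current offset.
        if (!preg_match('/\G\d+(?:\.\d+)?/', $this->s, $m, 0, $this->i)) {
            throw new InvalidArgumentException('number expected at offset ' . $this->i);
        }
        $this->i += strlen($m[0]);
        return (float) $m[0];
    }
}

// Hardened handler: same JSON shape as the original endpoint, no eval().
function safe_calculate(string $json): array {
    $decoded = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($decoded)) throw new InvalidArgumentException('expected a JSON array');
    $results = [];
    foreach ($decoded as $data) {
        if (!is_array($data) || !isset($data['value']) || !is_string($data['value'])) {
            throw new InvalidArgumentException('each item needs a string "value"');
        }
        $results[] = SafeArithmetic::evaluate($data['value']);
    }
    return $results;
}

// Constructed inputs: a benign request and the payload shape from the report.
$benign  = json_encode([['value' => '(1 + 2) * 3'], ['value' => '10 / 4']]);
$payload = json_encode([['value' => 'return file_get_contents("/etc/hostname");']]);

var_dump(safe_calculate($benign));
try {
    safe_calculate($payload); // rejected by the whitelist, nothing is executed
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

The whitelist check in `evaluate()` is the security boundary: the parser only ever sees digits, the four operators, a dot and parentheses, so there is no path from the request body to the PHP interpreter. A purpose-built parser like this is preferable to "sanitizing" the string and still calling `eval()`, since blacklists for PHP syntax are routinely bypassed.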
Source: https://github.com/mjperpinosa/stumasy/issues/5
User: gscsd (UID 97914)
Submitted: 05/06/2026 14:44 (29 days ago)
Moderated: 04/07/2026 17:41 (29 days later)
Status: accepted
VulDB Entry: 376338 [mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be calculate.php eval mathematical_sentence privilege escalation]
Points: 20
