
Description

The eval function is called with request data, such as URL parameters or request headers. This data is not properly validated, so statements can be injected that execute commands on the server.

Impact

- Execute commands on the server.
- Send expressions that saturate the server.

Recommendation

Validate all user-supplied input.
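The following is an added example, not code from this entry: it shows the vulnerable pattern next to one way to validate the input, by parsing a small arithmetic grammar instead of calling eval. JavaScript on Node.js, the function names, the limits and the use case (a calculator-style request parameter) are assumptions made for illustration.

```javascript
// Added example: names (unsafeCalc, safeCalc, MAX_LEN, MAX_DEPTH) are hypothetical.
const MAX_LEN = 64;   // bound input size so a request cannot saturate the server
const MAX_DEPTH = 8;  // bound parenthesis nesting

// Vulnerable pattern described above: request data reaches eval() unchanged.
function unsafeCalc(expr) {
  return eval(expr); // any JavaScript statement in expr runs in the server process
}

// Hardened form: accept only a small arithmetic grammar and never call eval().
function safeCalc(expr) {
  if (typeof expr !== 'string' || expr.length === 0 || expr.length > MAX_LEN) {
    throw new RangeError('expression missing or too long');
  }
  const tokens = expr.match(/\d+(?:\.\d+)?|[-+*\/()]|\S/g) || [];
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];

  function primary(depth) {
    const t = next();
    if (t === '(') {
      if (depth >= MAX_DEPTH) throw new RangeError('nesting too deep');
      const v = sum(depth + 1);
      if (next() !== ')') throw new SyntaxError('expected )');
      return v;
    }
    if (t === '-') return -primary(depth);
    if (t !== undefined && /^\d/.test(t)) return Number(t);
    throw new SyntaxError('unexpected token: ' + t);
  }
  function product(depth) {
    let v = primary(depth);
    while (peek() === '*' || peek() === '/') {
      v = next() === '*' ? v * primary(depth) : v / primary(depth);
    }
    return v;
  }
  function sum(depth) {
    let v = product(depth);
    while (peek() === '+' || peek() === '-') {
      v = next() === '+' ? v + product(depth) : v - product(depth);
    }
    return v;
  }
  const result = sum(0);
  if (pos !== tokens.length) throw new SyntaxError('unexpected token: ' + peek());
  return result;
}
```

Anything outside digits, the four operators and parentheses is rejected before evaluation, and the length and nesting limits bound the work a single request can cause.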

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 120 minutes.