eval() function found PHP-A1000
The eval() function allows execution of arbitrary PHP code. Executing code dynamically is security-sensitive and should be avoided.
In the past, it has led to the following vulnerabilities:
Thus, each occurrence of eval() should be audited properly before pushing to production.
Please also ensure that you're not dynamically executing code from untrusted sources (i.e., user input). If you need to do it, run the code in a sandboxed environment, or use libraries like symfony/expression-language, madorin/matex, etc. to compile and evaluate expressions.
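The flagged pattern beside an eval-free replacement, as an added example that is not part of the original page or of any library it names. The class `SafeArithmetic` and the request parameter `expr` are hypothetical, the grammar covers only arithmetic, and PHP 8 is assumed for `match`.

```php
<?php
// BEFORE (the pattern PHP-A1000 flags): a request value is executed as PHP code.
// $result = eval('return ' . $_GET['expr'] . ';');   // 'expr' is a hypothetical parameter
// AFTER: parse a fixed arithmetic grammar; the input is never executed as PHP.
final class SafeArithmetic   // hypothetical helper, not a library class
{
    private array $tokens = [];
    private int $pos = 0;

    public function evaluate(string $expr): float
    {
        // Allow-list by tokenising: only numbers, + - * / and parentheses may appear.
        preg_match_all('~\d+(?:\.\d+)?|[-+*/()]~', $expr, $m);
        $ok = strlen($expr) <= 200 && implode('', $m[0]) === preg_replace('~\s+~', '', $expr);
        if (!$ok) throw new InvalidArgumentException('Disallowed input');
        [$this->tokens, $this->pos] = [$m[0], 0];
        $value = $this->binary();
        if ($this->pos !== count($this->tokens)) throw new InvalidArgumentException('Unexpected token');
        return $value;
    }

    private function binary(int $level = 0): float // level 0: + -, level 1: * /, level 2: atom
    {
        if ($level === 2) return $this->atom();
        $ops = [['+', '-'], ['*', '/']][$level];
        $v = $this->binary($level + 1);
        while (in_array($this->tokens[$this->pos] ?? null, $ops, true)) {
            $op = $this->tokens[$this->pos++];
            $r = $this->binary($level + 1);
            if ($op === '/' && $r == 0.0) throw new InvalidArgumentException('Division by zero');
            $v = match ($op) { '+' => $v + $r, '-' => $v - $r, '*' => $v * $r, '/' => $v / $r };
        }
        return $v;
    }

    private function atom(): float // number | '-' atom | '(' expression ')'
    {
        $t = $this->tokens[$this->pos++] ?? '';
        if ($t === '-') return -$this->atom();
        if (is_numeric($t)) return (float) $t;
        if ($t !== '(') throw new InvalidArgumentException('Number expected');
        $v = $this->binary();
        if (($this->tokens[$this->pos++] ?? '') !== ')') throw new InvalidArgumentException('Missing )');
        return $v;
    }
}

// Constructed sample inputs (not from the page): plain arithmetic, then a function call.
$calc = new SafeArithmetic();
var_dump($calc->evaluate('2 * (3 + 4) - 1'));
try { $calc->evaluate('2 + strlen("abc")'); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

The tokeniser check is what replaces the audit burden of eval(): any character outside the grammar makes the rebuilt token string differ from the input, so the expression is rejected before parsing starts.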