Audit required: Use of insecure eval() function found PHP-A1000
Security
Critical
a03
cwe-20
cwe-79
cwe-1004
sans top 25
owasp top 10
cwe-95
eval() function allows execution of an arbitrary PHP code. Executing code dynamically is security-sensitive and should be avoided.
In past it has led to the following vulnerabilities:
Thus usage of each occurrence of eval() should be audited properly before pushing to production.
Please also ensure that you're not dynamically executing code from untrusted sources (i.e., user input). If you need to do it, run the code in a sandboxed environment, or, you can use libraries like symfony/expression-language, madorin/matex, etc. to compile and evaluate expressions.