DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now

smalos / nubuilder_dev

Audit required: Use of insecure eval() function found PHP-A1000
Security
Critical
13 occurrences in this check
a03 cwe-20 cwe-79 cwe-1004 sans top 25 owasp top 10 cwe-95
Use of insecure eval() function found
core/nuupload.php
46
47        $code = nuProcedure($proc);
48        if ($code != '') {
49            eval($code);50            return $result;
51        } else {
52            throw new Exception('Unknown Procedure Name');
Use of insecure eval() function found
core/nusession.php
11    $p		= nuProcedure($procedure);
12    $error	= '';
13    if ($p != '') {
14        eval($p);15        if ($error != '') {
16            nuDie($error);
17        }
Use of insecure eval() function found
core/nuprocessssologins.php
132    // (If it does not exist, an error will be generated).
133    $p		= nuProcedure("DETERMINE_ACCESS_LEVEL_FOR_FIRST_SSO_LOGIN");
134    if ($p != '') {
135        eval($p);136        if ($error != '') {
137            nuDie($error);
138        }
Use of insecure eval() function found
core/nuform.php
 470        if (strpos($p, $functionName) !== false) {
 471            $body = nuExtractFunctionBody($functionName, $p);
 472            if ($body != null) {
 473                eval($body); 474            }
 475        }
 476    }
Use of insecure eval() function found
core/nuform.php
  15
  16    $p	= nuProcedure('nuBeforeBrowse');
  17    if ($p != '') {
  18        eval($p);  19    }
  20    if (count($_POST['nuErrors']) > 0) {
  21        return;
Use of insecure eval() function found
core/nuform.php
 104    if ($recordID != '') {
 105        $p = nuProcedure('nuBeforeEdit');
 106        if ($p != '') {
 107            eval($p); 108        }
 109        if (count($_POST['nuErrors']) > 0) {
 110            return;
Use of insecure eval() function found
core/nudatabase.php
469
470    $proc	= nuProcedure('NUDEBUGRESULTADDED');
471    if ($proc != '') {
472        eval($proc);473    }
474
475    return $nuDebugId;
Use of insecure eval() function found
core/nudata.php
543{
544    $p = nuProcedure('nuBeforeDelete');
545    if ($p != '') {
546        eval($p);547    }
548    if (nuHasErrors()) {
549        return false;
Use of insecure eval() function found
core/nudata.php
557    // Global Before Save event
558    $proc = nuProcedure('nuBeforeSave');
559    if ($proc != '') {
560        eval($proc);561    }
562    if (nuHasErrors()) {
563        return false;
Use of insecure eval() function found
core/nudata.php
581    $proc = nuProcedure($procName);
582
583    if ($proc) {
584        eval($proc);585    }
586
587    if (nuHasErrors()) {
Use of insecure eval() function found
core/nucommon.php
1313    $nudata = $nuDataSet ? $_POST['nudata'] : '';
1314
1315    try {
1316        eval($php);1317    } catch(Throwable $e) {
1318        nuExceptionHandler($e, $code);
1319    } catch(Exception $e) {
Use of insecure eval() function found
core/nucommon.php
1056        $P			 = '$sql = "CREATE TABLE '.$tt.' '.$p.'";';
1057        $P			.= 'nuRunQuery($sql);';
1058
1059        eval($P);1060    }
1061}
1062
Use of insecure eval() function found
core/nucommon.php
1032    if ($x[0] == 'TABLE') {
1033        $P			= "	nuRunQuery('CREATE TABLE $tt SELECT * FROM $id');;";
1034
1035        eval($P);1036    }
1037
1038    if ($x[0] == 'SQL') {