Discouraged eval() function

Low
yaBobJonez published GHSA-4xvp-35fx-hjjj May 25, 2020

Package

ForDevsS.php

Affected versions

0.6.14, 0.6.15, 0.7.0

Patched versions

None

Description

Impact

Only PCs where commands are manually executed via the "For Developers" console are affected. This function allows executing any PHP code within iPear, which may change, damage, or steal data (files) on the PC, but only when the function is called manually in the app.

Patches

Not currently patched. I'm currently looking for any safer alternatives to this function.

Workarounds

This won't affect your PC if you do not use the "For Developers" console. Just don't try to do anything via it.
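
One safer alternative to handing console input to eval(), given here as an added example that is not iPear's code: the typed line selects a handler from an allowlist and everything after the command name is treated as plain string data. The command names, handler functions and sample input are all hypothetical.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes (assumed shape, not iPear's source):
//   eval($input);   // whatever is typed in the console runs as PHP

// Hypothetical allowlist: command name => [argument count, handler function].
const CONSOLE_COMMANDS = [
    'version' => [0, 'cmd_version'],
    'echo'    => [1, 'cmd_echo'],
    'strlen'  => [1, 'cmd_strlen'],
];

function cmd_version(): string { return PHP_VERSION; }
function cmd_echo(string $text): string { return $text; }
function cmd_strlen(string $text): string { return (string) strlen($text); }

/**
 * Run one console line without eval(): the first token selects a handler
 * from the allowlist, the remainder is passed to it as a string and is
 * never parsed as PHP.
 */
function run_console_line(string $line): string
{
    $parts = preg_split('/\s+/', trim($line), 2);
    $name  = strtolower($parts[0] ?? '');
    $arg   = $parts[1] ?? null;

    if (!array_key_exists($name, CONSOLE_COMMANDS)) {
        return 'error: unknown command';
    }
    [$argc, $handler] = CONSOLE_COMMANDS[$name];
    // Reject a missing argument as well as an unexpected one.
    if (($argc === 0) !== ($arg === null)) {
        return "error: '$name' takes $argc argument(s)";
    }
    return $argc === 0 ? $handler() : $handler($arg);
}

// Constructed sample input; the last line is PHP that eval() would have run.
$samples = ['version', 'echo hello world', 'strlen abc', 'unlink("notes.txt");'];
foreach ($samples as $line) {
    echo $line, ' => ', run_console_line($line), PHP_EOL;
}
```

The last sample line is rejected as an unknown command instead of being executed, because no path from the input reaches the PHP interpreter.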

References

PHP documentation on eval()

For more information

If you have any questions or comments about this advisory:

  • Comment below
  • Read more on the internet
  • Email me at yaBobJonez

Severity

Low

CVE ID

CVE-2020-11084

Weaknesses

No CWEs