General Information

PHP Code Injection

Variants:
Direct Persistent Session 

Also Known As:
PHP Dynamic Code Evaluation

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
PHP

Target Type:
Web Application

Affected Mechanisms:
Input Validation, Syntax Escaping

Invented In:
25/04/2005

Added In:
17/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious inputs can affect the structure of server-side PHP code which is generated dynamically


Direct Variant:

PHP Injection

Also Known As:
PHP Dynamic Code Evaluation

Typical Severity:
Critical

Learn More:



Persistent Variant:

Stored PHP Injection

Also Known As:
Persistent PHP Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Session Variant:

PHP Injection via Session Puzzling

Also Known As:
Session PHP Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More: