Open iamarogue opened 5 years ago
I am also getting this from Vault Press. Can we get a comment on this please. By default it is read only and non-executable but as the web user.
if the last line is supposed to be the offending file, then it's not from caldera. But it could have tripped on eval, if that is used for the calculation field.
What Version Of Caldera Forms, WordPress and PHP Are You Using?
WordPress Version: 5.1.1PHP Version: 7.1.25MySQL Version: 5.6.39Caldera Forms Version: 1.8.4WP_DEBUG:
What Is The Unexpected Behaviour?
I just got a VaultPress account and it detected a security issue with Caldera Forms:
VaultPress detected a new security issue on one of your sites, acreconsulting.ca. Our security scanners found 1 new security threats since the last email notification. Please visit the VaultPress security page for more details.
Suspicious Code
Our security scanners detected the following possible security issues. We recommend that you review the affected files.
PHP.Generic.BadPattern.5 This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.
Help Document
plugins/caldera-forms/vendor/pimple/pimple/src/Pimple/Container.php