nyx/tests/dynamic_fixtures/php_frameworks/codeigniter/vuln.php

<?php
// Phase 16 — CodeIgniter-style route, vulnerable.
// `$routes->get('run', 'UserController::run')` references the
// controller method whose body shells out without sanitisation.

use CodeIgniter\Router\RouteCollection;

$routes->get('run', 'UserController::run');

class UserController extends BaseController
{
    public function run($payload)
    {
        echo "__NYX_SINK_HIT__\n";
        $cmd = "echo hello " . $payload;
        $out = shell_exec($cmd);
        echo $out;
        return $out;
    }
}
[pitboss] phase 16: Track L.14 — Laravel / Symfony / CodeIgniter adapters 2026-05-18 16:33:19 -05:00			`<?php`
			`// Phase 16 — CodeIgniter-style route, vulnerable.`
			// `$routes->get('run', 'UserController::run')` references the
			`// controller method whose body shells out without sanitisation.`

			`use CodeIgniter\Router\RouteCollection;`

			`$routes->get('run', 'UserController::run');`

			`class UserController extends BaseController`
			`{`
			`public function run($payload)`
			`{`
			`echo "__NYX_SINK_HIT__\n";`
			`$cmd = "echo hello " . $payload;`
			`$out = shell_exec($cmd);`
			`echo $out;`
			`return $out;`
			`}`
			`}`