Insecure captcha to RCE? [closed]


I have found a simple PHP script with untrusted user input used to make a captcha. I would like to know if this practice can lead to code execution or OS command injection?

The user input looks like this:

https://x.com/x.php?captcha=YToyOntzOjY6ImFjdGlvbiI7czoxNDoiUG9ydGFsLmNhcHRjaGEiO3M6NjoicGFyYW1zIjthOjU6e3M6NToid2lkdGgiO2k6MTMwO3M6NjoiaGVpZ2h0IjtpOjMwO3M6ODoiZm9udHNpemUiO2k6MTY7czo1OiJiZ2NvbCI7czo2OiJGRkZGRkYiO3M6NToiZmdjb2wiO3M6NjoiMjAyMDgwIjt9fQ==&sid=eeb0f20778cfbba2c4fd8d6c125f6e06 


The parameter captcha is encoded with base64 and when I decode it, it is a serialized array:

a:2:{s:6:"action";s:14:"Portal.captcha";s:6:"params";a:5:{s:5:"width";i:130;s:6:"height";i:30;s:8:"fontsize";i:16;s:5:"bgcol";s:6:"FFFFFF";s:5:"fgcol";s:6:"202080";}} 

When I unserialize this, it looks like this:

Array
(
    [action] => Portal.captcha
    [params] => Array
        (
            [width] => 130
            [height] => 30
            [fontsize] => 16
            [bgcol] => FFFFFF
            [fgcol] => 202080
        )
)

This array is used to make the captcha, but I don't know how the PHP code makes the captcha image: with a library? With a PHP function? With a remote command?

I have tried to change the color of the image and it works:


$Array['params']['bgcol'] = '439a00';

I have tried to change a string value to an integer and the captcha background color is black:

$ARRAY['params']['bgcol'] = 1;

But when I manually add bad chars into a parameter value of the array like this, and manually encode it with base64:

a:2:{s:6:"action";s:14:"Portal.captcha";s:6:"params";a:5:{s:5:"width";i:130;s:6:"height";i:30;s:8:"fontsize";i:16;s:5:"bgcol";s:6:"FFFFFF";s:5:"fgcol";s:6:&"'{};;}} 


The request returns: Call is not captcha function

My question is: can this captcha generator lead to vulnerabilities? What vulnerabilities?

Thank you for your help and sorry for my bad English.

Good bye.
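The risk in the pattern described in the question is that the script calls unserialize() on attacker-controlled bytes, so the serialized array can be swapped for serialized objects of any class the application has loaded. Below is an added example (not the asker's script, whose source is unknown) of how such a captcha handler can accept the same base64/serialized parameter safely: the function names and the width/height/fontsize ranges are assumptions for this example.

```php
<?php
// Added example, not the original x.php: hardened parsing of the
// base64-encoded serialized "captcha" parameter shown in the question.
declare(strict_types=1);

function parseCaptchaParam(string $raw): array
{
    // Strict base64: reject bytes outside the alphabet instead of silently dropping them.
    $decoded = base64_decode($raw, true);
    if ($decoded === false) {
        throw new InvalidArgumentException('captcha is not valid base64');
    }
    // allowed_classes => false turns any serialized object into __PHP_Incomplete_Class,
    // so no __wakeup()/__destruct() of application classes runs on untrusted input.
    $data = @unserialize($decoded, ['allowed_classes' => false]);
    if (!is_array($data) || ($data['action'] ?? null) !== 'Portal.captcha') {
        throw new InvalidArgumentException('Call is not captcha function');
    }
    $p = $data['params'] ?? null;
    if (!is_array($p)) {
        throw new InvalidArgumentException('missing params');
    }
    // Whitelist every field with a type and range check (ranges are assumed values);
    // raw user values never reach the image code.
    $out = [];
    $ranges = ['width' => [50, 400], 'height' => [20, 200], 'fontsize' => [8, 72]];
    foreach ($ranges as $k => [$min, $max]) {
        $v = filter_var($p[$k] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($v === false) {
            throw new InvalidArgumentException("bad $k");
        }
        $out[$k] = $v;
    }
    foreach (['bgcol', 'fgcol'] as $k) {
        $v = $p[$k] ?? null;
        // A colour is exactly six hex digits; the integer 1 seen in the question is rejected here.
        if (!is_string($v) || !preg_match('/^[0-9A-Fa-f]{6}$/', $v)) {
            throw new InvalidArgumentException("bad $k");
        }
        $out[$k] = $v;
    }
    return $out;
}

// Constructed inputs: the question's parameter rebuilt with serialize(), then the hand-edited one.
$good = base64_encode(serialize(['action' => 'Portal.captcha', 'params' => [
    'width' => 130, 'height' => 30, 'fontsize' => 16, 'bgcol' => 'FFFFFF', 'fgcol' => '202080']]));
print_r(parseCaptchaParam($good));
try {
    parseCaptchaParam(base64_encode('a:1:{s:6:"action";s:14:"Portal.captcha";s:5:"fgcol";s:6:&"\'{};;}}'));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The second call fails inside unserialize() and produces the same "Call is not captcha function" message the question reports, which is consistent with the script rejecting malformed input but says nothing about whether it restricts classes on well-formed input.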