Insecure captcha to RCE? [closed]

i have found a simple script php with untrusted user input to make a captcha I would like to know if this practice can lead to a code exuction or os command injection ?

The user input looks like this : 

enter image description here

The paramater captcha is encoded with base64 and when i decode this is a array serialized


When i unsezialised this, it’s look like this

Array (     [action] => Portal.captcha     [params] => Array         (             [width] => 130             [height] => 30             [fontsize] => 16             [bgcol] => FFFFFF             [fgcol] => 202080         )  ) 

This array is used for make the captcha, but i dont how be the php code make the captcha image, with a librarie ? with php function ? with a remote command ?

I have try to change the color from the image and is works

enter image description here

$  Array['params']['bgcol'] =  '439a00'; 

I have try to change a str value to integer and the captcha background color is black

$  ARRAY['params']['bgcol'] =  1; 

But when i add manualy bad chars into a parameter value array like this, and manualy encode with the base64


enter image description here

The request return Call is not captcha function

my question is, this captcha generator can lead to a vulnerabilities ?what vulnerabilites ?

Thank you for help and sorry for my bad english

good bye