cxdcox / DVWA

git clone https://github.com/ethicalhack3r/DVWA.git
GNU General Public License v3.0

CX Parameter_Tampering @ vulnerabilities/brute/source/impossible.php [master] #23

Open cxdcox opened 4 years ago

cxdcox commented 4 years ago

Parameter_Tampering issue exists @ vulnerabilities/brute/source/impossible.php in branch master

Method <?php at line 1 of vulnerabilities\brute\source\impossible.php gets user input from element _POST. This input is later concatenated by the application directly into a string variable containing SQL commands, without being validated. This string is then used in method <?php to query the database bindParam, at line 1 of vulnerabilities\brute\source\impossible.php, without any additional filtering by the database. This could allow the user to tamper with the filter parameter.

Severity: Medium

CWE:472

Checkmarx

Lines: 8


Code (Line #8):

    $user = $_POST[ 'username' ];
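The flagged line only reads `$_POST['username']`; whether that is a problem depends on how the value reaches the query afterwards. The finding describes string concatenation but also mentions the `bindParam` call, and those two paths behave very differently. The following is an added example written for this page, not DVWA's own code and not a reproduction of `impossible.php`: it runs both patterns against an in-memory SQLite table (the table, its columns and the rows are constructed here) with a tampered username, assuming PHP with the `pdo_sqlite` extension.

```php
<?php
// Added example, not DVWA's code. Shows the two ways a value read from
// $_POST['username'] can reach a SQL statement. Uses an in-memory SQLite
// database so it runs stand-alone; table, columns and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT, failed_login INTEGER)");
$db->exec("INSERT INTO users VALUES ('admin', 0), ('gordonb', 3)");

// Constructed tampered input: what an attacker would type into the username
// field. In the CLI $_POST is an ordinary empty array, so it can be set here.
$_POST['username'] = "x' OR '1'='1";
$user = $_POST['username'];

// Pattern the finding describes: the raw value is concatenated into the SQL
// string. The single quote in $user closes the literal and the OR clause is
// parsed as SQL, so the WHERE condition is true for every row in the table.
$concatenated = "SELECT user, failed_login FROM users WHERE user = '" . $user . "'";
$rows = $db->query($concatenated)->fetchAll(PDO::FETCH_ASSOC);
echo "concatenated: " . count($rows) . " row(s) matched\n";

// Pattern behind the bindParam() call the finding mentions: a prepared
// statement with a named placeholder. The same tampered value is sent to the
// driver as data and compared literally against the user column, so it is
// never parsed as SQL and matches no row.
$stmt = $db->prepare('SELECT user, failed_login FROM users WHERE user = (:user) LIMIT 1');
$stmt->bindParam(':user', $user, PDO::PARAM_STR);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "bound:        " . count($rows) . " row(s) matched\n";
```

When triaging a finding like this one, follow the flagged variable forward to the query: if it is only ever passed through `bindParam()`/`bindValue()` or the `execute()` parameter array, the SQL-injection part of the description does not apply and the remaining question is only whether the parameter value itself (here, a username) is something the application should trust without further checks.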

cxdcox commented 4 years ago

Issue still exists.