Second_Order_SQL_Injection issue exists @ dvwa/includes/dvwaPage.inc.php in branch master
Method &dvwaSessionGrab at line 53 of dvwa\includes\dvwaPage.inc.php gets database data from the _SESSION_dvwa element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of vulnerabilities\captcha\source\high.php. This may enable a Second-Order SQL Injection attack.
Severity: High
CWE:89
Checkmarx
Lines: 57
Code (Line #57):