cxronen / OpenRoom

CX Second_Order_SQL_Injection @ admin/customfields.php [master] #48

Open cxronen opened 4 years ago

cxronen commented 4 years ago

Second_Order_SQL_Injection issue exists @ admin/customfields.php in branch master

Method <?php at line 1 of admin\customfields.php gets database data from the mysql_fetch_array element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of admin\customfields.php. This may enable a Second-Order SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 112 115 101 104 26 29


Code (Line #112):

                $thisop = mysql_fetch_array(mysql_query("SELECT * FROM optionalfields WHERE optionformname='". $optionformname ."';"));

Code (Line #115):

                    $nextop = mysql_fetch_array(mysql_query("SELECT * FROM optionalfields WHERE optionorder=". ($thispos - 1) .";"));

Code (Line #101):

                $thisop = mysql_fetch_array(mysql_query("SELECT * FROM optionalfields WHERE optionformname='". $optionformname ."';"));

Code (Line #104):

                    $nextop = mysql_fetch_array(mysql_query("SELECT * FROM optionalfields WHERE optionorder=". ($thispos + 1) .";"));

Code (Line #26):

                $record = mysql_fetch_array(mysql_query("SELECT * FROM optionalfields WHERE optionformname='". $optionformname ."';"));

Code (Line #29):

                    while($arec = mysql_fetch_array($allrecs)){

cxronen commented 4 years ago

Issue still exists.

SUMMARY

Issue has 6 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)