cxronen / OpenRoom

CX Second_Order_SQL_Injection @ admin/report-cancelmonthly.php [master] #54

Open cxronen opened 4 years ago

cxronen commented 4 years ago

Second_Order_SQL_Injection issue exists @ admin/report-cancelmonthly.php in branch master

Method <?php at line 1 of admin\report-cancelmonthly.php gets database data from the mysql_fetch_array element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of admin\report-cancelmonthly.php. This may enable a Second-Order SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 80


Code (Line #80):

                while($room = mysql_fetch_array($rooms)){

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)