cxronen / OpenRoom


CX SQL_Injection @ admin/email.php [master] #66

Open cxronen opened 4 years ago

cxronen commented 4 years ago

SQL_Injection issue exists @ admin/email.php in branch master

Method <?php at line 1 of admin\email.php gets user input from the _REQUEST element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of admin\email.php. This may enable an SQL Injection attack.

Severity: High

CWE: 89

Checkmarx

Lines: 128 129 114 99 164 84 69 54 151 39 24 138


Code (Line #128):

                $email_condition = isset($_REQUEST["email_condition"])?$_REQUEST["email_condition"]:"";

Code (Line #129):

                $email_condition_value = isset($_REQUEST["email_condition_value"])?$_REQUEST["email_condition_value"]:"";

Code (Line #114):

                $email_system = isset($_REQUEST["email_system"])?$_REQUEST["email_system"]:"";

Code (Line #99):

                $email_can_gef = isset($_REQUEST["email_can_gef"])?$_REQUEST["email_can_gef"]:"";

Code (Line #164):

                $email_cond_gef = isset($_REQUEST["email_cond_gef"])?$_REQUEST["email_cond_gef"]:"";

Code (Line #84):

                $email_can_terse = isset($_REQUEST["email_can_terse"])?$_REQUEST["email_can_terse"]:"";

Code (Line #69):

                $email_can_verbose = isset($_REQUEST["email_can_verbose"])?$_REQUEST["email_can_verbose"]:"";

Code (Line #54):

                $email_res_gef = isset($_REQUEST["email_res_gef"])?$_REQUEST["email_res_gef"]:"";

Code (Line #151):

                $email_cond_terse = isset($_REQUEST["email_cond_terse"])?$_REQUEST["email_cond_terse"]:"";

Code (Line #39):

                $email_res_terse = isset($_REQUEST["email_res_terse"])?$_REQUEST["email_res_terse"]:"";

Code (Line #24):

                $email_res_verbose = isset($_REQUEST["email_res_verbose"])?$_REQUEST["email_res_verbose"]:"";

Code (Line #138):

                $email_cond_verbose = isset($_REQUEST["email_cond_verbose"])?$_REQUEST["email_cond_verbose"]:"";
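The report above shows only where the `$_REQUEST` values are read, not the query they end up in. The following is an added example, not code from OpenRoom or output from the scanner. It models the pattern the finding describes with a hypothetical table `email_settings` and a hypothetical WHERE clause built from `email_condition` (a column name) and `email_condition_value` (a value): the string-concatenated form that the report warns about, beside a hardened version that allowlists the column name and binds the value with a prepared statement. The column allowlist and the table layout are assumptions chosen for the demonstration; it runs offline with PHP and the `pdo_sqlite` extension.

```php
<?php
// Added example, not OpenRoom code. Table, column names and the shape of the
// query are assumptions made to illustrate the $_REQUEST -> SQL flow from the report.
declare(strict_types=1);

// --- Vulnerable pattern: request values concatenated straight into SQL ---
function build_query_unsafe(array $request): string
{
    $email_condition       = isset($request["email_condition"]) ? $request["email_condition"] : "";
    $email_condition_value = isset($request["email_condition_value"]) ? $request["email_condition_value"] : "";

    // Neither value is validated; a value such as  x' OR '1'='1  rewrites the
    // WHERE clause, and the column name can inject anything at all.
    return "SELECT * FROM email_settings WHERE $email_condition = '$email_condition_value'";
}

// --- Hardened form ---
// A column name cannot be a bound parameter, so it is checked against a fixed
// allowlist (hypothetical column set). The value goes in as a bound parameter,
// so the database never parses it as SQL.
const EMAIL_CONDITION_COLUMNS = ['email_system', 'email_can_gef', 'email_can_terse'];

function fetch_email_settings(PDO $pdo, array $request): array
{
    $column = $request["email_condition"] ?? "";
    $value  = $request["email_condition_value"] ?? "";

    if (!in_array($column, EMAIL_CONDITION_COLUMNS, true)) {
        throw new InvalidArgumentException("unknown email_condition");
    }

    // $column is safe to interpolate only because it passed the allowlist above.
    $stmt = $pdo->prepare("SELECT * FROM email_settings WHERE `$column` = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE email_settings (id INTEGER PRIMARY KEY, email_system TEXT, email_can_gef TEXT, email_can_terse TEXT)");
$pdo->exec("INSERT INTO email_settings (email_system, email_can_gef, email_can_terse)
            VALUES ('smtp', 'yes', 'no'), ('sendmail', 'no', 'yes')");

// Constructed attacker request: a valid column plus a classic tautology payload.
$attack = ["email_condition" => "email_system", "email_condition_value" => "x' OR '1'='1"];

// The concatenated query now carries the tautology and would match every row.
echo build_query_unsafe($attack), "\n";

// With binding, the payload is compared as a literal string and matches nothing.
$rows = fetch_email_settings($pdo, $attack);
echo "bound query matched ", count($rows), " row(s)\n";

// A crafted column name never reaches the database: the allowlist rejects it.
try {
    fetch_email_settings($pdo, ["email_condition" => "1=1 --", "email_condition_value" => ""]);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The two checks are deliberately different because they fix different sinks: binding handles the value position, which is what most of the twelve reported reads feed, while the column-name position (`email_condition`) can only be fixed by restricting it to known identifiers, since prepared statements cannot parameterize identifiers.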

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

cxronen commented 4 years ago

Issue still exists.

SUMMARY

Issue has 12 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)