Second_Order_SQL_Injection issue exists @ or-reserve.php in branch master
Method <?php at line 1 of or-reserve.php gets database data from the _SESSION_username element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of or-reserve.php. This may enable a Second-Order SQL Injection attack.
Severity: High
CWE:89
Checkmarx
Lines: 358 7 365
Code (Line #358):
Code (Line #7):
Code (Line #365):