cxronen / OpenRoom


CX Command_Injection @ or-reserve.php [master] #76

Open cxronen opened 4 years ago

cxronen commented 4 years ago

Command_Injection issue exists @ or-reserve.php in branch master

The application's <?php method calls an OS (shell) command with mail, at line 1 of or-reserve.php, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, _POST, which is retrieved by the application in the <?php method, at line 1 of or-reserve.php.

Severity: High

CWE:77

Checkmarx

Lines: 26 45


Code (Line #26):

    $altusername = (isset($_POST["altusername"])?$_POST["altusername"]:"");

Code (Line #45):

    $ofvalues[$optionalfield["optionformname"]] = mysql_real_escape_string(isset($_POST[$optionalfield["optionformname"]])?$_POST[$optionalfield["optionformname"]]:"");
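
The scanner report above names the sink (a `mail` call) and the source (`$_POST`), but the two quoted lines only show the values being read; neither the page nor the snippets show how or-reserve.php actually hands them to mail(). The added example below is not code from OpenRoom: it illustrates the class of flaw Checkmarx is flagging (CWE-77 through PHP's mail()) with hypothetical function and variable names. The mechanism it demonstrates is a fact about PHP: the fifth argument of mail() is appended to `sendmail_path` and run through the shell, and although PHP escapes shell metacharacters in that argument, it does not escape spaces, so an attacker controlling the value can append extra sendmail options (the technique behind CVE-2016-10033 in PHPMailer). Note also that `mysql_real_escape_string`, as used on line 45, escapes for an SQL string context only and does nothing for a shell or sendmail argument context, so it is not a mitigation for this finding.

```php
<?php
// Added example (not code from OpenRoom or or-reserve.php): how a $_POST value
// that reaches the fifth argument of mail() becomes argument injection, and one
// way to gate it. All function and variable names here are hypothetical.

// What PHP hands to the shell: mail() concatenates sendmail_path and the extra
// parameters and runs the result via popen() (i.e. sh -c) after escapeshellcmd().
// Metacharacters get escaped, but spaces do not, so injected flags survive as
// separate argv entries for sendmail.
function sendmail_command_line(string $sendmailPath, string $extraParams): string
{
    return $sendmailPath . ' ' . escapeshellcmd($extraParams);
}

// Vulnerable pattern: an untrusted "alternative username" is placed directly
// into the envelope-sender flag (-f) that mail() passes on to sendmail.
function extra_params_vulnerable(string $altusername): string
{
    return '-f' . $altusername;
}

// Allowlist check in the spirit of the PHPMailer fix for CVE-2016-10033:
// only characters that are inert in every common shell and in sendmail's
// option parser, no whitespace, and never a leading '-'.
function is_shell_safe_address(string $address): bool
{
    if ($address === '' || strlen($address) > 254) {
        return false;
    }
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // FILTER_VALIDATE_EMAIL accepts quoted local parts such as "a b"@x.org,
    // which is exactly the shape the public payloads use, so check every byte.
    for ($i = 0, $n = strlen($address); $i < $n; $i++) {
        $c = $address[$i];
        if (!ctype_alnum($c) && strpos('@_-.', $c) === false) {
            return false;
        }
    }
    // A leading '-' could start a new option if the value is ever passed on its own.
    return $address[0] !== '-';
}

// Hardened pattern: the untrusted value is only used if it passes the allowlist;
// otherwise a fixed, trusted envelope sender is used instead.
function extra_params_hardened(string $altusername, string $fallback = 'noreply@example.org'): string
{
    $sender = is_shell_safe_address($altusername) ? $altusername : $fallback;
    return '-f' . $sender;
}

// Constructed inputs: a benign address and a payload shaped like the public
// PHPMailer/SwiftMailer exploits (an extra -X flag tells sendmail to write its
// trace log to an attacker-chosen path such as a file under the web root).
$benign  = 'alice@example.org';
$payload = 'alice@example.org -X/var/www/html/log.php';

foreach (['vulnerable' => 'extra_params_vulnerable', 'hardened' => 'extra_params_hardened'] as $label => $fn) {
    foreach ([$benign, $payload] as $input) {
        echo str_pad($label, 10), ' ',
            sendmail_command_line('/usr/sbin/sendmail -t -i', $fn($input)), PHP_EOL;
    }
}
```

Run with `php example.php` (any PHP with the ctype and filter extensions, which are enabled by default). The vulnerable branch prints a sendmail command line in which the injected `-X/var/www/html/log.php` appears as an additional option, while the hardened branch substitutes the fallback sender for the same input. The allowlist is deliberately stricter than RFC 5322: rejecting a few exotic but legal addresses is the right trade when the value ends up on a command line.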

cxronen commented 4 years ago

Issue still exists.
