jbruinaud / WebGoatNet

WebGoat .Net for demos

CX Privacy_Violation @ App_Code/DB/SqliteDbProvider.cs [master] #142

Open jbruinaud opened 4 years ago

jbruinaud commented 4 years ago

Privacy_Violation issue exists @ App_Code/DB/SqliteDbProvider.cs in branch master

Method UpdateCustomerPassword at line 259 of App_Code\DB\SqliteDbProvider.cs sends user information outside the application. This may constitute a Privacy Violation.

Severity: Medium

CWE:359

Checkmarx

Lines: 261


Code (Line #261):

            string sql = "update CustomerLogin set password = '" + Encoder.Encode(password) + "' where customerNumber = " + customerNumber;

jbruinaud commented 4 years ago

Issue still exists.

SUMMARY

Issue has a total of 1 vulnerability left to be fixed (please scroll to the top for more information)