jbruinaud / WebGoatNet

WebGoat .Net for demos

CX Heuristic_Parameter_Tampering @ Content/SQLInjectionDiscovery.aspx.cs [master] #153

Open jbruinaud opened 4 years ago

jbruinaud commented 4 years ago

Heuristic_Parameter_Tampering issue exists @ Content/SQLInjectionDiscovery.aspx.cs in branch master

Method btnFind_Click at line 23 of Content\SQLInjectionDiscovery.aspx.cs gets user input from element Text. This input is later concatenated by the application directly into a string variable containing SQL commands, without being validated. This string is then used in method GetEmailByCustomerNumber to query the database via ExecuteScalar, at line 534 of App_Code\DB\MySqlDbProvider.cs, without any additional filtering by the database. This could allow the user to tamper with the filter parameter.

Severity: Low

CWE:472

Checkmarx

Lines: 27


Code (Line #27):

                string name = txtID.Text.Substring(0, 3);
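The flagged line only truncates the input to three characters; that bounds the length but is not validation, and in MySQL a value such as `'#` still closes the string literal and comments out the rest of the statement. The following is an added example, not WebGoatNet's own code, showing the vulnerable shape the finding describes beside a parameterized version. It assumes a MySQL table `customers(customer_number, email)` and the MySql.Data ADO.NET provider; the table, method and parameter names are hypothetical.

```csharp
// Added example (not from the WebGoatNet repository). Assumes the MySql.Data
// provider and a hypothetical table customers(customer_number, email).
using System;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;

public static class CustomerLookup
{
    // Vulnerable shape described by the finding: the user-controlled value is
    // truncated and then concatenated straight into the SQL text. Truncation
    // is not a defence ("'#" fits in three characters and changes the query),
    // and Substring(0, 3) throws ArgumentOutOfRangeException for inputs
    // shorter than three characters.
    public static object GetEmailUnsafe(MySqlConnection conn, string userInput)
    {
        string name = userInput.Substring(0, 3);
        string sql = "SELECT email FROM customers WHERE customer_number = '" + name + "'";
        using (var cmd = new MySqlCommand(sql, conn))
        {
            return cmd.ExecuteScalar();
        }
    }

    // Allow-list check for the expected shape of a customer number. This is
    // defence in depth; the parameter binding below is what prevents injection.
    private static readonly Regex CustomerNumberPattern =
        new Regex("^[A-Za-z0-9]{1,16}$", RegexOptions.Compiled);

    public static bool IsValidCustomerNumber(string value)
    {
        return value != null && CustomerNumberPattern.IsMatch(value);
    }

    // Hardened form: the value is bound as a parameter, so the database
    // driver sends it as data and the server never parses it as SQL.
    public static object GetEmailSafe(MySqlConnection conn, string userInput)
    {
        if (!IsValidCustomerNumber(userInput))
        {
            throw new ArgumentException("customer number must be 1 to 16 alphanumeric characters");
        }

        const string sql = "SELECT email FROM customers WHERE customer_number = @number";
        using (var cmd = new MySqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@number", MySqlDbType.VarChar).Value = userInput;
            return cmd.ExecuteScalar();
        }
    }

    // Usage: compare both lookups against a live connection. With the input
    // "'#", the unsafe path executes a different statement than intended,
    // while the safe path rejects it before any query is sent.
    public static void Main(string[] args)
    {
        string connectionString = args.Length > 0 ? args[0] : "Server=localhost;Database=webgoat;Uid=user;Pwd=pass;";
        string input = args.Length > 1 ? args[1] : "'#";

        using (var conn = new MySqlConnection(connectionString))
        {
            conn.Open();
            try
            {
                Console.WriteLine("safe: " + (GetEmailSafe(conn, input) ?? "(no row)"));
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine("safe: rejected input (" + ex.Message + ")");
            }
            Console.WriteLine("unsafe: " + (GetEmailUnsafe(conn, input) ?? "(no row)"));
        }
    }
}
```

The validation check is deliberately a narrow allow-list rather than a blacklist of quote characters: the parameter binding is what closes the injection, and the pattern check exists so that malformed identifiers are rejected with a clear error instead of being sent to the database at all.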

jbruinaud commented 4 years ago

Issue still exists.

SUMMARY

Issue has a total of 1 vulnerability left to be fixed (please scroll to the top for more information)