CX CSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master]

[github-actions[bot]]

CSRF issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java in branch refs/heads/master

Method processRequest at line 60 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java gets a parameter from a user request from ""adminuser"". This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).

Severity: Medium

CWE:352

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 54 56 57 58 60 61

---

Code (Line #54):

        dburl = request.getParameter("dburl");

---

Code (Line #56):

        dbuser = request.getParameter("dbuser");

---

Code (Line #57):

        dbpass = request.getParameter("dbpass");

---

Code (Line #58):

        dbname = request.getParameter("dbname");

---

Code (Line #60):

        adminuser= request.getParameter("adminuser");

---

Code (Line #61):

        adminpass= HashMe.hashMe(request.getParameter("adminpass"));

---

[github-actions[bot]]

Issue still exists.