search

kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0
0 stars 1 forks source link

CX SQL_Injection @ vulnerabilities/brute/source/low.php [master] #13

Open ghost opened 4 years ago

ghost commented 4 years ago

SQL_Injection issue exists @ vulnerabilities/brute/source/low.php in branch master

Method <?php at line 1 of vulnerabilities\brute\source\low.php gets user input from the _GET element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of vulnerabilities\brute\source\low.php. This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 5

Code (Line #5):

    $user = $_GET[ 'username' ];
ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.