search

kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0
0 stars 1 forks source link

CX SQL_Injection @ vulnerabilities/sqli_blind/source/impossible.php [master] #14

Open ghost opened 4 years ago

ghost commented 4 years ago

SQL_Injection issue exists @ vulnerabilities/sqli_blind/source/impossible.php in branch master

Method <?php at line 1 of vulnerabilities\sqli_blind\source\impossible.php gets user input from the _GET element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of vulnerabilities\sqli_blind\source\impossible.php. This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 8

Code (Line #8):

    $id = $_GET[ 'id' ];
ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.