CX File_Disclosure @ vulnerabilities/view_help.php [master]

kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)

http://dvwa.co.uk

GNU General Public License v3.0

0 stars 1 forks source link

CX File_Disclosure @ vulnerabilities/view_help.php [master] #15

Open ghost opened 3 years ago

ghost commented 3 years ago

File_Disclosure issue exists @ vulnerabilities/view_help.php in branch master

The input obtained via <?php in the file vulnerabilities\view_help.php at line 1 is used to determine the file to be read by <?php in the file vulnerabilities\view_help.php at line 1, potentially disclosing the contents of that file.

Severity: High

CWE:538

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 11

Code (Line #11):

$id       = $_GET[ 'id' ];

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.