Second_Order_SQL_Injection issue exists @ dvwa/includes/dvwaPage.inc.php in branch master
Method &dvwaSessionGrab at line 53 of dvwa\includes\dvwaPage.inc.php gets database data from the _SESSION_dvwa element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of vulnerabilities\captcha\source\medium.php. This may enable a Second-Order SQL Injection attack.
Severity: High
CWE:89
Lines: 57
Code (Line #57):