kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0

CX File_Manipulation @ external/phpids/0.6/lib/IDS/Log/File.php [master] #27

Open ghost opened 4 years ago

ghost commented 4 years ago

File_Manipulation issue exists @ external/phpids/0.6/lib/IDS/Log/File.php in branch master

The input obtained via prepareData in the file external\phpids\0.6\lib\IDS\Log\File.php at line 146 is used to determine the location of a file to be written into by execute in the file external\phpids\0.6\lib\IDS\Log\File.php at line 177, potentially allowing an attacker to alter or corrupt the contents of that file, or create a new file altogether.

Severity: High

CWE: 552

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 163


Code (Line #163):

                              urlencode($_SERVER['REQUEST_URI']),

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.