kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0

CX Code_Injection @ vulnerabilities/view_help.php [master] #6

Open ghost opened 4 years ago

ghost commented 4 years ago

Code_Injection issue exists @ vulnerabilities/view_help.php in branch master

The application's <?php method receives and dynamically executes user-controlled code using eval, at line 1 of vulnerabilities\view_help.php. This could enable an attacker to inject and run arbitrary code. The attacker can inject the executed code via user input, _GET, which is retrieved by the application in the <?php method, at line 1 of vulnerabilities\view_help.php.

Severity: High

CWE:94

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 11


Code (Line #11):

$id       = $_GET[ 'id' ];

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.

ghost commented 4 years ago

Issue still exists.