kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0

CX File_Manipulation @ vulnerabilities/upload/source/impossible.php [master] #7

Open ghost opened 3 years ago

ghost commented 3 years ago

File_Manipulation issue exists @ vulnerabilities/upload/source/impossible.php in branch master

The input obtained via <?php in the file vulnerabilities\upload\source\impossible.php at line 1 is used to determine the location of a file to be written into by <?php in the file vulnerabilities\upload\source\impossible.php at line 1, potentially allowing an attacker to alter or corrupt the contents of that file, or create a new file altogether.

Severity: High

CWE:552

Lines: 9


Code (Line #9):

    $uploaded_name = $_FILES[ 'uploaded' ][ 'name' ];

ghost commented 3 years ago

Issue still exists.
