kmcdon83 / DVWA

Damn Vulnerable Web Application (DVWA)
http://dvwa.co.uk
GNU General Public License v3.0

CX File_Disclosure @ external/phpids/0.6/lib/IDS/Log/Email.php [master] #9

Open ghost opened 3 years ago

ghost commented 3 years ago

File_Disclosure issue exists @ external/phpids/0.6/lib/IDS/Log/Email.php in branch master

The input obtained via isSpamAttempt in the file external\phpids\0.6\lib\IDS\Log\Email.php at line 210 is used to determine the file to be read by isSpamAttempt in the file external\phpids\0.6\lib\IDS\Log\Email.php at line 210, potentially disclosing the contents of that file.

Severity: High

CWE:538

Vulnerability details and guidance: Internal Guidance, Checkmarx Training, Recommended Fix

Lines: 237

Code (Line #237):

    $userAgent  = $_SERVER['HTTP_USER_AGENT'];

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.

ghost commented 3 years ago

Issue still exists.