CX Input_Path_Not_Canonicalized @ src/main/webapp/vulnerability/sqli/download_id.jsp [master]

satyamchaurasiapersistent / JavaVulnerableLab

lab

0 stars 0 forks source link

CX Input_Path_Not_Canonicalized @ src/main/webapp/vulnerability/sqli/download_id.jsp [master] #5

Closed satyamchaurasiapersistent closed 2 years ago

satyamchaurasiapersistent commented 2 years ago

Input_Path_Not_Canonicalized issue exists @ src/main/webapp/vulnerability/sqli/download_id.jsp in branch master

Method fileid=request.getParameter at line 18 of src\main\webapp\vulnerability\sqli\download_id.jsp gets dynamic data from the ""fileid"" element. This element’s value then flows through the code and is eventually used in a file path for local disk access in = at line 37 of src\main\webapp\vulnerability\sqli\download_id.jsp. This may cause a Path Traversal vulnerability.

Severity: Medium

CWE:73

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 18

Code (Line #18):

    String fileid=request.getParameter("fileid");

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.