satyamchaurasiapersistent / JavaVulnerableLab

lab

CX External_Control_of_System_or_Config_Setting @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [master] #60

Closed satyamchaurasiapersistent closed 2 years ago

satyamchaurasiapersistent commented 2 years ago

External_Control_of_System_or_Config_Setting issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java in branch master

The application sets environment configuration settings via setProperty, in src\main\java\org\cysecurity\cspf\jvl\controller\Install.java at line 66, providing values received from the user input @Source Element, at line 54 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java.

Severity: Medium

CWE: 15

Lines: 54 55 56 57 58 59


Code (Line #54):

        dburl = request.getParameter("dburl");

Code (Line #55):

        jdbcdriver = request.getParameter("jdbcdriver");

Code (Line #56):

        dbuser = request.getParameter("dbuser");

Code (Line #57):

        dbpass = request.getParameter("dbpass");

Code (Line #58):

        dbname = request.getParameter("dbname");

Code (Line #59):

        siteTitle= request.getParameter("siteTitle");

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.