Second_Order_SQL_Injection issue exists @ website/include/users.php in branch master
Method get_user at line 15 of website\include\users.php gets database data from the mysql_fetch_assoc element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method get_purchased_pictures at line 125 of website\include\pictures.php. This may enable a Second-Order SQL Injection attack.
Severity: High
CWE:89
Vulnerability details and guidance
Checkmarx
Lines: 22 102 157
Code (Line #22):
Code (Line #102):
Code (Line #157):