CX SQL_Injection @ website/guestbook.php [master]

[vish07]

SQL_Injection issue exists @ website/guestbook.php in branch master

Method <?php at line 1 of website\guestbook.php gets user input from the _POST element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method add_guestbook at line 27 of website\include\guestbook.php. This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 14

---

Code (Line #14):

      $res = Guestbook::add_guestbook($_POST["name"], $_POST["comment"], False);

---

[vish07]

Issue still exists.

[vish07]

Issue still exists.