Source: zip -- Branch: main
Scan Execution date: 2022-05-02T09:27:47.434924Z
Scan Id: d1eb674f-256d-4e75-9e1a-f3285ac4a650
Scan Status: Completed
You'll find below a list of vulnerabilities identified by our service on both Static Application Security Testing and Software Composition Analysis dimensions:
- SCA analyzes open source and 3rd party libraries (vulnerabilities and legal risks)
- SAST focuses on custom code (built by the development team)
SCA | SAST | | |
---|---|---|---|
🔴 HIGH | 🔴 HIGH | 🟠 MEDIUM | 🟢 LOW |
0 | 3 | 2 | 2 |
NO Packages with HIGH CVEs
(1) HIGH - Command_Injection
CWE: 77
(RECURRENT) Description: The application's $PageLoad method calls an OS (shell) command with exec, at line 14 of /sample.php, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, _COOKIE, which is retrieved by the application in the $PageLoad method, at line 13 of /sample.php.
origin: /sample.php - exec, line 14
(1) HIGH - Reflected_XSS_All_Clients
CWE: 79
(RECURRENT) Description: The application's $PageLoad embeds untrusted data in the generated output with echo, at line 5 of /sample.php. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by simply providing modified data in the user input _GET, which is read by the $PageLoad method at line 4 of /sample.php. This input then flows through the code straight to the output web page, without sanitization.
This can enable a Reflected Cross-Site Scripting (XSS) attack.
origin: /sample.php - echo, line 5
(1) HIGH - SQL_Injection
CWE: 89
(RECURRENT) Description: The application's $PageLoad method executes an SQL query with mysql_query, at line 10 of /sample.php. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.
An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input _POST; this input is then read by the $PageLoad method at line 9 of /sample.php. This input then flows through the code, into a query and to the database server, without sanitization.
This may enable an SQL Injection attack.
origin: /sample.php - mysql_query, line 10
(1) MEDIUM - Missing_HSTS_Header
CWE: 346
(RECURRENT) Description: The web application does not define an HSTS header, leaving it vulnerable to attack.
origin: /sample.php - $NS_sample_79a4f4e1, line 1
(1) MEDIUM - Parameter_Tampering
CWE: 472
(RECURRENT) Description: Method $PageLoad at line 9 of /sample.php gets user input from element _POST. This input is later concatenated by the application directly into a string variable containing SQL commands, without being validated. This string is then used in method $PageLoad to query the database mysql_query, at line 10 of /sample.php, without any additional filtering by the database. This could allow the user to tamper with the filter parameter.
https://github.com/Sanofi-Shared-GitHub-Apps/cyber-private-test-alac/blob/ad52ab02d2c3a6322ee62e2d6b28181ecabc0f08/sample.php#L8-L12
origin: /sample.php - mysql_query, line 10