php
Security controls bypass or absence - Fingerprint - PHP
Need Enhancement of security controls for fingerprint identification Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests Usage of the Customer package for managing customer data and ...
Use of software with known vulnerabilities in environments - PHP
Need Updating software and dependencies to versions without known vulnerabilities Context Usage of PHP 7.1.3 for server-side scripting and web development Usage of PHP for server-side scripting and web development Usage of fideloper/proxy for setting ...
Inappropriate coding practices - invalid file - PHP
Need Enforce proper file validation and extension matching Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Request for making HTTP requests in Node.js Description Non compliant code public function uploadFile(Request ...
Server side template injection - PHP
Need Prevention of server-side template injection attacks Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests Description Non compliant code public function renderTemplate(Request $request) ...
Insecure encryption algorithm - Insecure Elliptic Curve - PHP
Need Upgrade to a secure elliptic curve algorithm Context Requirement of PHP 7.0 or later for running the application Usage of phpseclib/phpseclib for secure communication and encryption in PHP Description Non compliant code ...
Password reset poisoning - PHP
Need Secure password reset functionality Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Request for making HTTP requests Usage of the User dependency for managing user-related functionality Usage of PasswordReset for ...
Account Takeover - PHP
Need Enhanced account security measures Context Usage of PHP for server-side scripting and web development Usage of Request for making HTTP requests in Node.js Usage of the User dependency for managing user-related functionality Usage of Hash for ...
Insecure service configuration - Header Checking - PHP
Need Secure service configuration - Enforce Header Checking Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of Closure for JavaScript code ...
OS Command Injection - PHP
Need Prevention of OS command injection attacks Context Usage of PHP for server-side scripting and web development Description Non compliant code This is a simple example of a PHP script that ...
Security controls absence - Monitoring - PHP
Need Implementation of robust monitoring and alerting mechanisms Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of the User model in the ...
Insecure generation of random numbers - Static IV - PHP
Need Secure generation of random numbers and dynamic initialization vectors Context Usage of PHP 7.1 for server-side scripting and web development Usage of OpenSSL for secure communication and encryption Description Non compliant code The vulnerable ...
Insecure service configuration - Object Reutilization - PHP
Need Secure object reutilization Context Usage of PHP for server-side scripting and web development Usage of Cache for efficient data storage and retrieval Usage of Controller for handling request and response logic in a web application Usage of the ...
Insufficient data authenticity validation - Front bypass - PHP
Need Enhancement of data authenticity validation to prevent front bypass Context Usage of PHP for server-side web development Usage of Request for making HTTP requests Usage of the User dependency for user-related functionality Description Non ...
Non-encrypted confidential information - Hexadecimal - PHP
Need Protection of confidential information through encryption Context Usage of PHP for server-side scripting and web development Description Non compliant code The above PHP code is a simple ...
Use of an insecure channel - HTTP - PHP
Need Secure transmission of client information Context Requirement of PHP 7.0 or later for running the application Usage of Laravel framework for building web applications Description Non compliant code Route::get('/', function () { return ...
DOM-Based cross-site scripting (XSS) - PHP
Need Prevention of cross-site scripting attacks Context Usage of PHP 5.4+ for developing web applications Usage of PHP for server-side scripting and web development Description Non compliant code $document "; ?> In the above PHP code snippet, the ...
Insecure object reference - User deletion - PHP
Need Enhancement of user deletion process and session management Context Usage of PHP 7.0 for server-side scripting and web development Usage of the User dependency for user-related functionality Description Non compliant code public function ...
Technical information leak - Content response - PHP
Need Prevention of technical information leaks in content responses Context Usage of PHP for server-side scripting and web development Usage of Route for defining and handling routes in a web application Description Non compliant code ...
Sensitive information in source code - Credentials - PHP
Need Secure storage and management of sensitive information in source code Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of ...
Symmetric denial of service - SMTP - PHP
Need Enhancement of SMTP service to include proper input validation and limit the number of emails and characters allowed in the txtEmail attribute. Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making ...
Insufficient data authenticity validation - Checksum verification - PHP
Need Ensure data authenticity through proper checksum verification Context Usage of PHP for server-side scripting and web development Usage of file_get_contents for reading the contents of a file Description Non compliant code In the above PHP code, ...
Insecure file upload - Files Limit - PHP
Need Enforce a limit on the number of files that can be uploaded within a specific time frame and implement proper file management to delete old files from the server. Context Requirement of PHP 7.0 or higher for running the application Usage of ...
Automatic information enumeration - Corporate information - PHP
Need Protection of corporate information from automatic enumeration Context Usage of PHP 7.0 for server-side scripting and web development Usage of Finding for efficient searching and filtering of data Description Non compliant code public function ...
Security controls bypass or absence - Session Invalidation - PHP
Need Enforce proper session invalidation and remove debugging code Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of Session facade from the ...
Lack of data validation - Non Sanitized Variables - PHP
Need Implementation of proper input validation and sanitization Context Usage of PHP for server-side scripting and web development Description Non compliant code The above PHP code is ...
Insecure service configuration - BREACH Attack - PHP
Need Secure service configuration to prevent BREACH attacks Context Usage of PHP 7.0 for server-side scripting and web development Usage of random_bytes for generating random bytes or cryptographic keys Description Non compliant code '; echo 'Your ...
Lack of data validation - OTP - PHP
Need Implementation of robust data validation for OTP tokenCode parameter Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests Usage of the User model for managing user data Description Non ...
Lack of data validation - Special Characters - PHP
Need Implementation of robust data validation for special characters Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests Usage of the User package for managing user-related functionality ...
Insecure service configuration - Request Validation - PHP
Need Secure service configuration - Request Validation Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests in Node.js Usage of Auth for user authentication and authorization Description Non ...
Use of insecure channel - Source code - PHP
Need Secure transmission of customer information Context Requirement of PHP 7.0 or higher for running the application Usage of Guzzle for making HTTP requests in PHP Description Non compliant code public function sendCustomerData(Request $request) { ...
User Enumeration - Wordpress - PHP
Need Prevention of user enumeration in WordPress Context Requirement of PHP 7.0 or higher for running the application Usage of Laravel framework for PHP web development Description Non compliant code // Vulnerable Code public function ...
Lack of protection against brute force attacks - Credentials - PHP
Need Implementation of strong authentication mechanisms to prevent brute force attacks on promotional codes. Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in ...
Insecure or unset HTTP headers - Content-Type - PHP
Need Enforcement of secure and properly defined Content-Type headers in server responses Context Usage of PHP for server-side scripting and web development Usage of Response for handling HTTP responses Description Non compliant code public function ...
Insecure object reference - Session management - PHP
Need Secure session management Context Requirement of PHP 7.0 or later for running the application Usage of Request for making HTTP requests Usage of the User dependency for managing user-related functionality Usage of Auth for user authentication ...
Insufficient data authenticity validation - Images - PHP
Need Enhanced data authenticity validation for profile images Context Usage of PHP 7.0 for server-side scripting and web development Usage of Laravel framework for PHP web development Usage of Illuminate/Http for handling HTTP requests and responses ...
Sensitive information in source code - Dependencies - PHP
Need Protection of sensitive information in source code and dependencies Context Requirement of PHP 5.6 or later for running the application Usage of PHP for server-side scripting and web development Description Non compliant code ...
XML injection (XXE) - Unmarshaller - PHP
Need Secure configuration of XML unmarshaller Context Usage of PHP for server-side web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Description Non compliant code input('xmlData'); $xml = ...
Lack of data validation - HTML code - PHP
Need Ensure proper data validation to prevent HTML code injection Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests Usage of the User dependency for managing user-related functionality ...
Improper resource allocation - Memory leak - PHP
Need Proper resource management and deallocation Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate/Http for HTTP request handling in Laravel Usage of Illuminate/Support for providing foundational support ...
Enabled default configuration - PHP
Need Disable default configurations to prevent unauthorized access and information leakage. Context Usage of PHP for server-side scripting and web development Usage of Laravel for PHP web application development Description Non compliant code // This ...