php
Lack of data validation - Headers - PHP
Need Implementation of proper data validation for HTTP headers Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Illuminate/Http for HTTP request handling in Laravel Usage of Illuminate/Support for providing ...
Lack of data validation - Input Length - PHP
Need Implementation of proper input length validation Context Usage of PHP for server-side scripting and web development Usage of Request for making HTTP requests Usage of Post for interacting with a database or making HTTP POST requests Description ...
Lack of data validation - Host Header Injection - PHP
Need Implementation of strict input validation and sanitization for the host header field Context Usage of PHP for server-side web development Usage of Request for making HTTP requests Description Non compliant code public function redirect(Request ...
Lack of data validation - Reflected Parameters - PHP
Need Implementation of proper input validation and sanitization Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests Usage of a database for storing and retrieving data Description Non ...
Lack of data validation - Responses - PHP
Need Implementation of data validation for response data Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Illuminate/Http for HTTP request handling in Laravel Description Non compliant code public function ...
Lack of data validation - Session Cookie - PHP
Need Implementation of proper data validation for session cookies Context Requirement of PHP 7.0 or later for running the application Usage of Request for making HTTP requests in Node.js Usage of response for handling HTTP responses in a Node.js ...
Lack of data validation - Content Spoofing - PHP
Need Implementation of robust data validation and authentication mechanisms Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests in Node.js Usage of response for handling HTTP responses in a ...
Lack of data validation - Source Code - PHP
Need Implementation of robust data validation in the source code Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Request for making HTTP requests Usage of the User dependency for user-related functionality Description ...
Lack of data validation - Web Service - PHP
Need Implementation of proper data validation and input sanitization in the web service Context Usage of PHP for server-side scripting and web development Usage of Request for making HTTP requests Usage of the User dependency for user-related ...
Debugging enabled in production - PHP
Need Disabling debugging mode in production environment Context Requirement of PHP 7.0 or later for running the application Usage of Laravel for PHP web application development Description Non compliant code // .env file APP_NAME=Laravel ...
Insecure service configuration - Backdoor - PHP
Need Secure service configuration to prevent unauthorized access and backdoor installation Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate/Http for handling HTTP requests and responses in Laravel Usage of ...
Insecure service configuration - PHP
Need Secure service configuration to prevent XSS attacks Context Requirement of PHP 7.0 or later for running the application Usage of Laravel framework for PHP web development Description Non compliant code This is a simple route in a Laravel ...
Excessive privileges - Temporary Files - PHP
Need Enforce proper privileges and access restrictions for temporary files Context Usage of PHP 5.0+ for server-side scripting and web development Usage of sys_get_temp_dir for retrieving the system's temporary directory path Description Non ...
Uncontrolled external site redirect - PHP
Need Controlled and secure external site redirects Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of Illuminate\Support\Facades\Redirect for ...
SQL Injection - Headers - PHP
Need Prevention of SQL injection attacks in the application headers Context Usage of PHP for server-side scripting and web development Usage of mysqli for interacting with MySQL databases in Node.js Description Non compliant code The above code is a ...
Time-based SQL Injection - PHP
Need Prevention of time-based SQL injection attacks Context Usage of PHP 5.0 or later for server-side scripting and web development Usage of mysqli for interacting with MySQL databases in Node.js Description Non compliant code The above code is a ...
Insecure or unset HTTP headers - Accept - PHP
Need Enforcement of secure and restricted HTTP headers - Accept Context Usage of PHP for server-side scripting and web development Usage of Request for making HTTP requests Description Non compliant code public function get(Request $request) { ...
Use of an insecure channel - useSslProtocol() - PHP
Need Secure communication channel for the application Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Illuminate/Http for HTTP request handling in Laravel Description Non compliant code false, ...
SQL injection - PHP
Need Implementation of secure coding practices to prevent SQL injection attacks Context Usage of PHP for server-side scripting and web development Usage of a database (DB) for storing and retrieving data Description Non compliant code public function ...
Inappropriate coding practices - Cyclomatic complexity - PHP
Need Improvement of coding practices to reduce cyclomatic complexity Context Usage of PHP 7.0 for server-side scripting and web development Usage of the user dependency for managing user-related functionality Usage of the item package for managing ...
Inappropriate coding practices - Eval function - PHP
Need Secure handling of user input and avoidance of using the eval function Context Usage of PHP for server-side web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of Illuminate\Http\Controller for ...
Sensitive information in source code - API Key - PHP
Need Secure storage and retrieval of sensitive information such as API keys Context Usage of PHP for server-side scripting and web development Usage of Controller for handling and managing application logic and data flow Description Non compliant ...
Lack of data validation - URL - PHP
Need Implementation of proper data validation and sanitization for URL parameters Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Request for making HTTP requests in Node.js Usage of the Document library for ...
Inappropriate coding practices - PHP
Need Enforce proper encapsulation in coding practices Context Usage of PHP for server-side scripting and web development Description Non compliant code class User { public $name; public ...
Insecure or unset HTTP headers - Cache Control - PHP
Need Enforcement of secure and appropriate Cache Control headers Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Illuminate/Http for HTTP request handling in Laravel Usage of illuminate/view for rendering views in the ...
Insecure or unset HTTP headers - X-Content-Type-Options - PHP
Need Enforcement of secure Content-Type options Context Usage of PHP for server-side scripting and web development Usage of Laravel for PHP web application development Description Non compliant code The above code represents a simple route in a ...
Insecure or unset HTTP headers - Strict Transport Security - PHP
Need Implementation of Strict Transport Security (HSTS) HTTP header Context Usage of PHP for server-side scripting and web development Usage of Closure for JavaScript code optimization and minification Description Non compliant code This piece of ...
Insecurely generated cookies - SameSite - PHP
Need Secure generation of cookies with proper SameSite attribute setting Context Usage of PHP 7.0 for server-side scripting and web development Usage of Closure for JavaScript code optimization and minification Usage of Illuminate\Http\Request for ...
Insecurely generated cookies - HttpOnly - PHP
Need Secure generation of cookies with the HttpOnly attribute Context Usage of PHP for server-side scripting and web development Usage of Response for handling HTTP responses in a web application Usage of cookie for managing HTTP cookies in Node.js ...
Lack of data validation - Type confusion - PHP
Need Implementation of proper data validation and type checking Context Usage of PHP for server-side scripting and web development Usage of Request for making HTTP requests in Node.js Description Non compliant code public function store(Request ...
Directory listing - PHP
Need Prevention of unauthorized access to directory listings Context Requirement of PHP 7.0 or higher for running the application Usage of Laravel framework for PHP web development Usage of illuminate/support for providing support functions and ...
Race condition - PHP
Need Prevention of race conditions in the system Context Usage of PHP 7.0 for server-side scripting and web development Usage of a Controller for handling and managing application logic and data flow Usage of Request for making HTTP requests Usage of ...
Local file inclusion - PHP
Need Prevention of unauthorized access to local files Context Usage of PHP for server-side scripting and web development Usage of PHP for server-side web development Description Non compliant code In this piece of code, the application takes a file ...
Email flooding - PHP
Need Prevention of email flooding and inbox saturation Context Usage of PHP 7.0 for server-side scripting and web development Usage of Request for making HTTP requests Usage of Mail for sending emails Usage of SendMailable for sending email messages ...
HTTP parameter pollution - PHP
Need Prevention of HTTP parameter pollution Context Usage of PHP 7.0+ for server-side scripting and web development Usage of Request for making HTTP requests Usage of the User dependency for user-related functionality Description Non compliant code ...
Security controls bypass or absence - PHP
Need Implementation of robust and effective security controls Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of the User module in the App ...
Improper type assignation - PHP
Need Enforce proper type assignation in the source code Context Usage of PHP for server-side scripting and web development Description Non compliant code function process($data) { $result = $data; // Perform some operations return $result; } In the ...
Out-of-bounds read - PHP
Need Prevention of out-of-bounds read vulnerabilities Context Usage of PHP for server-side scripting and web development Usage of Request for making HTTP requests Description Non compliant code public function readArray(Request $request) { $data = ...
Improper control of interaction frequency - PHP
Need Enforcement of rate limiting to control the frequency of user interactions Context Usage of PHP 7.0 for server-side scripting and web development Usage of Illuminate\Http\Request for handling HTTP requests in Laravel Usage of Post for ...
LDAP injection - PHP
Need Prevention of LDAP injection attacks Context Usage of PHP 5.6+ for developing web applications Usage of LDAP for Lightweight Directory Access Protocol integration Description Non compliant code In the above code, the application is using ...