
Exploitable Security Issues (102)

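| Name | Severity | Second-Order Analysis | CWE | OWASP Top 10 | SANS 25 | PCI DSS | ASVS |
|---|---|---|---|---|---|---|---|
| Command Execution | Critical | Yes | 78 | A1 | 2 | 6.5.1 | 5.12 |
| Code Execution | Critical | Yes | 95 | A1 | 18 | 6.5.1 | 16.4 |
| File Write (Arbitrary) | Critical | Yes | 96 | A1 | 10 | 6.5.8 | 16.2 |
| File Write (PHP file) | Critical | Yes | 96 | A1 | 10 | 6.5.8 | |
| Code Execution (eval modifier) | Critical | Yes | 624 | A1 | 18 | 6.5.1 | 16.4 |
| Remote File Inclusion | Critical | Yes | 98 | A4 | 13 | 6.5.8 | 5.13 |
| SQL Injection | Critical | Yes | 89 | A1 | 1 | 6.5.1 | 5.1 |
| SQL Injection (unquoted) | Critical | Yes | 89 | A1 | 1 | 6.5.1 | 5.1 |
| SQL Injection (single-quoted) | Critical | Yes | 89 | A1 | 1 | 6.5.1 | 5.1 |
| SQL Injection (double-quoted) | Critical | Yes | 89 | A1 | 1 | 6.5.1 | 5.1 |
| SQL Injection (multiple-input) | Critical | Yes | 89 | A1 | 1 | 6.5.1 | 5.1 |
| PHP Object Injection | Critical | No | 502 | A4 | 18 | 6.5.1 | |
| Local File Inclusion | High | Yes | 97 | A4 | 13 | 6.5.8 | 5.13 |
| Local File Inclusion (limited) | High | Yes | 626 | A4 | 13 | 6.5.8 | 5.13 |
| File Inclusion | High | Yes | 98 | A4 | 13 | 6.5.8 | 5.13 |
| LDAP Injection | High | Yes | 90 | A1 | | 6.5.1 | |
| Path Traversal | High | Yes | 22 | A4 | 13 | 6.5.8 | 9.5 |
| PHP Object Instantiation | High | No | 470 | A4 | 10 | 6.5.8 | 16.4 |
| CVE | High | Yes | | A9 | | 6.2 | |
| Buffer Overflow | High | Yes | 120 | A9 | 3 | 6.2 | 5.1 |
| Incorrect Buffer Size | High | Yes | 131 | A9 | 20 | 6.2 | |
| Denial of Service | High | Yes | 400 | A9 | | 6.2 | |
| Integer Overflow | High | Yes | 190 | A9 | 24 | 6.2 | |
| Format String | High | Yes | 134 | A9 | 23 | 6.2 | |
| Security Bypass | High | Yes | 693 | A9 | 18 | 6.2 | |
| Use After Free | High | Yes | 416 | A9 | | 6.2 | |
| Double Free | High | Yes | 415 | A9 | | 6.2 | |
| Null Pointer Dereference | High | Yes | 476 | A9 | | 6.2 | |
| Type Confusion | High | Yes | 843 | A9 | | 6.2 | |
| Path Traversal (limited) | High | Yes | 626 | A4 | 13 | 6.5.8 | 9.5 |
| Denial of Service | High | Yes | 730 | A5 | | 6.5.5 | |
| XQuery Injection | Medium | Yes | 652 | A1 | | 6.5.1 | 5.14 |
| XPath Injection | Medium | Yes | 643 | A1 | | 6.5.1 | 5.14 |
| XPath Injection (unquoted) | Medium | Yes | 643 | A1 | | 6.5.1 | 5.14 |
| XPath Injection (single-quoted) | Medium | Yes | 643 | A1 | | 6.5.1 | 5.14 |
| XPath Injection (double-quoted) | Medium | Yes | 643 | A1 | | 6.5.1 | 5.14 |
| Reflection Injection | Medium | No | 470 | A7 | 16 | 6.5.8 | 16.4 |
| XSLT Injection | Medium | Yes | 494 | A1 | 9 | 6.5.1 | 5.14 |
| File Create | Medium | Yes | 73 | A4 | 13 | 6.5.8 | 16.2 |
| File Delete | Medium | Yes | 73 | A4 | 13 | 6.5.8 | 9.5 |
| File Manipulation | Medium | Yes | 732 | A4 | 17 | 6.5.8 | 9.5 |
| XML/XXE Injection | Medium | Yes | 91 | A1 | | 6.5.1 | 5.14 |
| File Upload | Medium | No | 434 | A5 | 9 | 6.5.8 | |
| Cross-Site Scripting | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (normal tag) | Medium | Yes | 80 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (script tag) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (style tag) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (comment) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (attribute name) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (unquoted attribute) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (single-quoted attribute) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (double-quoted attribute) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (eventhandler) | Medium | Yes | 83 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (url attribute) | Medium | Yes | 84 | A3 | 4 | 6.5.7 | 5.15 |
| Cross-Site Scripting (style attribute) | Medium | Yes | 79 | A3 | 4 | 6.5.7 | 5.15 |
| File Write | Medium | Yes | 96 | A1 | 10 | 6.5.8 | 16.2 |
| File Write (JSON file) | Medium | Yes | 79 | A4 | 10 | 6.5.8 | 16.2 |
| File Write (CSS file) | Medium | Yes | 79 | A3 | 10 | 6.5.8 | 16.2 |
| File Write (HTML file) | Medium | Yes | 79 | A3 | 10 | 6.5.8 | 16.2 |
| Server-Side JavaScript Injection | Medium | Yes | 94 | A1 | 16 | 6.5.1 | |
| NoSQL Injection | Medium | Yes | 94 | A1 | | 6.5.1 | |
| MongoDB Injection | Medium | Yes | 94 | A1 | | 6.5.1 | |
| Session Fixation | Medium | No | 384 | A2 | | 6.5.10 | 3.1 |
| Server-Side Request Forgery | Medium | No | 918 | A10 | | 6.5.1 | 16.1 |
| Open Redirect | Medium | No | 601 | A10 | 22 | 6.5.8 | 16.1 |
| Reflection Injection (Autoload) | Medium | No | 23 | A7 | 13 | 6.5.8 | 16.4 |
| HTTP Response Splitting | Medium | No | 113 | A10 | | | 3.1 |
| Variable Tampering | Medium | Yes | 627 | A4 | | 6.5.8 | 16.4 |
| Variable Tampering (register globals) | Medium | Yes | 621 | A5 | 10 | 6.5.8 | 16.4 |
| Variable Tampering (write) | Medium | Yes | 473 | A4 | | 6.5.8 | 16.4 |
| Variable Tampering (read) | Medium | Yes | 621 | A4 | | 6.5.8 | 16.4 |
| Mass Assignment | Medium | Yes | 915 | A4 | 10 | 6.5.8 | 5.16 |
| Log Forge | Low | Yes | 117 | A4 | | | 8.8 |
| Memcached Injection | Low | Yes | 143 | A1 | 20 | 6.5.1 | |
| Connection String Injection | Low | Yes | 99 | A5 | 16 | 6.5.4 | |
| Connection String Injection (FTP) | Low | Yes | 99 | A5 | 16 | 6.5.4 | |
| Connection String Injection (DBMS) | Low | Yes | 99 | A5 | 16 | 6.5.4 | |
| Resource Injection | Low | No | 93 | A4 | 16 | 6.5.1 | |
| Resource Injection (Mail) | Low | No | 93 | A4 | 16 | 6.5.1 | |
| Resource Injection (FTP) | Low | No | 93 | A4 | 16 | 6.5.1 | |
| Environment Manipulation | Low | Yes | 471 | A5 | 10 | 6.5.8 | |
| Library Injection | Low | No | 114 | A5 | 11 | | |
| HTTP Parameter Pollution | Low | No | 233 | A10 | | 6.5.4 | 5.17 |
| Directory Listing | Low | Yes | 548 | A4 | 13 | 6.5.8 | 4.5 |
| Information Leakage | Low | Yes | 209 | A6 | | 6.5.5 | 8.1 |
| Information Leakage (System) | Low | Yes | 214 | A6 | | 6.5.5 | 8.1 |
| Information Leakage (SQL Error) | Low | Yes | 209 | A6 | | 6.5.5 | 8.1 |
| Information Leakage (Session Token in URL) | Low | Yes | 201 | A2 | | 6.5.10 | 3.6 |
| Information Leakage (Password) | Low | Yes | 209 | A6 | | 6.5.5 | |
| Information Leakage (Crypto) | Low | Yes | 209 | A6 | | 6.5.5 | |
| Weak Cryptography | Low | Yes | 310 | A6 | | 6.5.3 | |
| Weak Cryptography (broken algorithm) | Low | Yes | 327 | A6 | 19 | 6.5.3 | 7.8 |
| Weak Cryptography (static parameter) | Low | Yes | 328 | A6 | | 6.5.3 | |
| Weak Cryptography (low entropy) | Low | Yes | 330 | A6 | | 6.5.3 | 7.15 |
| Weak Cryptography (missing padding) | Low | Yes | 325 | A6 | | 6.5.3 | |
| Weak Cryptography (unsafe storage) | Low | Yes | | A6 | 8 | 6.5.3 | |
| Weak Cryptography (unsafe hash comparison) | Low | Yes | | A6 | | 6.5.3 | |
| Weak Cryptography (cert verification) | Low | Yes | 295 | A6 | | 6.5.4 | 10.3 |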

Code Quality Issues (44)

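| Name | Severity | Second-Order Analysis | CWE | OWASP Top 10 | SANS 25 | PCI DSS | ASVS |
|---|---|---|---|---|---|---|---|
| External Variable Initialization | Medium | Yes | 454 | | | | |
| Variable Extraction Error | Medium | Yes | 621 | | | | |
| Cookie Misconfiguration | Low | Yes | 494 | A5 | | 6.5.10 | 3.12 |
| Cookie Misconfiguration (expiry) | Low | Yes | 539 | A5 | | 6.5.10 | 3.4 |
| Cookie Misconfiguration (secure flag) | Low | Yes | 614 | A5 | | 6.5.10 | |
| Cookie Misconfiguration (path) | Low | Yes | 287 | A5 | | 6.5.10 | |
| Cookie Misconfiguration (domain) | Low | Yes | 287 | A5 | | 6.5.10 | |
| Cookie Misconfiguration (httpOnly flag) | Low | Yes | 200 | A5 | | 6.5.10 | |
| Weak HTTP header | Low | No | 644 | A5 | | 6.5.4 | |
| Generic Exception Catch | Low | Yes | 396 | | | | |
| Hard-coded Password | Low | Yes | 259 | | | | |
| Dangerous PHP Feature | Low | Yes | 242 | | | | |
| Executable Regex | Low | Yes | 624 | | | | |
| Execution After Redirect | Low | No | 698 | A7 | | | |
| Weak Strict-Transport-Security header | Low | No | 523 | A5 | | 6.5.4 | 10.11 |
| Weak X-XSS Protection header | Low | No | 693 | A5 | | 4.1.g | 11.8 |
| Weak CSP header | Low | No | 693 | A5 | | 6.5.4 | 11.7 |
| Weak CORS Header | Low | Yes | 346 | A5 | | 6.5.4 | 16.5 |
| Weak XFO header | Low | No | 1021 | A6 | | 6.5.4 | 11.4 |
| Divide By Zero | Low | Yes | 369 | | | | |
| Dynamic SQL Query | Low | Yes | 89 | | | | |
| Missing Error Handling | Low | Yes | 390 | | | | |
| Missing Default Case | Low | Yes | 478 | | | | |
| Omitted Break Statement | Low | Yes | 484 | | | | |
| Deprecated PHP Feature | Low | Yes | 477 | | | | |
| Permissive Regex | Low | Yes | 625 | | | | |
| Weak Hash Function | Low | Yes | 328 | | | | |
| Type Unsafe Comparison | Low | Yes | 597 | | | | |
| Generic Exception Throw | Low | Yes | 397 | | | | |
| Empty Exception Catch | Low | Yes | 755 | | | | |
| Uncaught Exception | Low | Yes | 248 | | | | |
| Return Inside Finally | Low | Yes | 584 | | | | |
| Expression Always True | Low | Yes | 571 | | | | |
| Expression Always False | Low | Yes | 572 | | | | |
| Ignored Return Value | Low | Yes | 253 | | | | |
| Write to $GLOBALS | Low | Yes | 518 | | | | |
| Loop Iteration Change | Low | Yes | 834 | | | | |
| Leftover Debug Code | Low | Yes | 489 | | | | |
| Assign Instead Compare | Low | Yes | 481 | | | | |
| Compare Instead Assign | Low | Yes | 482 | | | | |
| Decision by Cookie | Low | Yes | 784 | | | | |
| Decision by DNS | Low | Yes | 350 | | | | |
| Decision by IP | Low | Yes | 291 | | | | |
| Parse error | Low | Yes | | | | | |
| Suspicious Comment | Low | Yes | 546 | | | | |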