Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change this code to not construct SQL queries directly from user-controlled data. (CWE-20) #101

Open
zisanyavuz opened this issue Feb 8, 2024 · 0 comments
Open

Change this code to not construct SQL queries directly from user-controlled data. (CWE-20) #101

zisanyavuz opened this issue Feb 8, 2024 · 0 comments
Assignees
@zisanyavuz
Labels
bug Something isn't working KONDUKTO

Comments

@zisanyavuz
Copy link

A high severity vulnerability has been discovered in your project.

Project Name: sonarqube-1

Scanner Name: sonarqube

Cwe ID: 20

Cwe Name: Improper Input Validation

Cwe Link: https://cwe.mitre.org/data/definitions/20.html

File: forgotusername.php

Line: 12

Code: 

        $ret = pg_query($db, "select * from users where username='".$username."';");

Language: php

Tool Description: Change this code to not construct SQL queries directly from user-controlled data.

Custom Description: test

Kondukto Link: http://10.20.104.4/projects/65c0e0844d94d54eabbd983e/vulns/appsec?page=1&perPage=15&id=in:65c0e2d9243feaacc254c03b
Deeplink: http://10.20.104.48:9000/project/issues?types=VULNERABILITY&open=AYzyN3i7Tftj40din2Pu&id=php-tudo
@zisanyavuz zisanyavuz added bug Something isn't working KONDUKTO labels Feb 8, 2024
@zisanyavuz zisanyavuz self-assigned this Feb 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zisanyavuz zisanyavuz

Labels
bug Something isn't working KONDUKTO
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zisanyavuz