Q
Detector Library
PHP detectors (34/34)
Server Side Request ForgerySQL InjectionActivated Debug FeatureSensitive information leakLog InjectionOrigins-verified cross-origin communicationsCross-site scriptingDangerous Function UsagePath TraversalAvoiding Exceptions in PHPOS command injectionIncorrect ComparisonLdap Bind Without PasswordSendfile InjectionAssert UseLoose file permissionsImproper AuthenticationInsecure connectionWeak Random Number GenerationOpen RedirectAllow Url Fopen Or IncludeInsecure cryptographyObject Input Stream Insecure DeserializationCookie Without Http Only FlagCode InjectionZip bomb attackUnsafe ReflectionSecure Signal HandlingDeserialization of untrusted dataStatic Initialization Vector (IV)Coral Csrf RuleInsecure cookieImproper access controlInsecure Object Attribute Modification
Insecure cookie High
Insecure cookie settings can lead to unencrypted cookie transmission. Even if a cookie doesn't contain sensitive data now, sensitive data could be added later. It's good practice to transmit all cookies only through secure channels.
Detector ID
php/insecure-cookie@v1.0
Category
Common Weakness Enumeration (CWE) 
Noncompliant example
1// Noncompliant: Used insecure FTP functions that transmit credentials in plain text, such as ftp_login.
2$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);Compliant example
1// Compliant: Used secure file transfer functions like ssh2_scp_send
2ssh2_scp_send($connection, '/local/filename', '/remote/filename', 0644);